Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2009-4212

EPSS 16.48% · P95
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2009-4212

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
MIT Kerberos AES和RC4解密整数下溢漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Kerberos是美国麻省理工学院(MIT)开发的一套网络认证协议,它采用客户端/服务器结构,并且客户端和服务器端均可对对方进行身份认证(即双重验证),可防止窃听、防止replay攻击等。MIT Kerberos 5(又名krb5)是美国麻省理工学院(MIT)开发的一套网络认证协议,它采用客户端/服务器结构,并且客户端和服务器端均可对对方进行身份认证(即双重验证),可防止窃听、防止replay攻击等。 Kerberos的crypto库在执行AES和RC4解密操作时存在整数下溢漏洞,用户受骗解密了无效的AE
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2009-4212

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2009-4212

登录查看更多情报信息。

Same Patch Batch · n/a · 2010-01-13 · 50 CVEs total

CVE-2010-0067Oracle Application Server Containers for J2EE组件未明安全漏洞
CVE-2010-0074Oracle BEA WebLogic Server组件数据可用性漏洞
CVE-2010-0078Oracle WebLogic Server组件
CVE-2010-0079Oracle BEA Product Suite JRockit组件存在多个漏洞
CVE-2010-0080Oracle PeopleSoft Enterprise HCM系统eProfile组件安全漏洞
CVE-2010-0279BTS-GI Read excel 'upload.php'无限制文件上传漏洞
CVE-2009-4491Acme thttpd非打印字符溢出序列的HTTP请求任意文件执行和重写漏洞
CVE-2010-0077Oracle 2010年1月更新修复多个E-Business套件漏洞
CVE-2010-0069Oracle WebLogic Server 未明数据的机密性漏洞
CVE-2010-0068Oracle WebLogic Server 未明数据的机密漏洞
CVE-2010-0070Oracle Application Server Containers for J2EE组件未明数据完整性漏洞
CVE-2010-0066Oracle Application Server Access Manager Identity Server组件未明安全漏洞
CVE-2009-3416Oracle E-Business Suite Oracle Application Object Library组件安全漏洞
CVE-2009-3415Oracle 2010年1月更新修复Oracle Database多个安全漏洞
CVE-2009-3414Oracle Spatial组件未明安全漏洞
CVE-2009-3413Oracle Spatial组件未明漏洞
CVE-2009-3412Oracle Unzip组件未明漏洞
CVE-2009-3411Oracle Data Pump组件未明漏洞
CVE-2009-3410Oracle RDBMS组件未明漏洞
CVE-2009-1996Oracle Logical Standby组件未明漏洞

Showing top 20 of 50 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2009-4212

No comments yet

Leave a comment