CVE-2004-0523 [Critical] | Memory Corruption in Kerberos

CVE-2004-0523 is rated High Risk (68.4/100): CVSS Critical severity, with high exploitation likelihood (EPSS 11.67%, 95th percentile). EPSS ranks this CVE among the most likely to be exploited in the near term. High exploitation likelihood—assess exposure and prioritize remediation.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	25.93%	11.67%	-14.26%
2	2026-03-02	16.71%	25.93%	+9.22%
3	2026-02-06	—	16.71%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

25.93%

11.67%

-14.26%

2026-03-02

16.71%

25.93%

+9.22%

2026-02-06

—

16.71%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
10.0	2.0	HIGH	`AV:N/AC:L/Au:N/C:C/I:C/A:C` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:C) Complete confidentiality impact. Integrity impact (I:C) Complete integrity impact. Availability impact (A:C) Complete availability impact.	10.0	10.0	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

10.0

2.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:C): Complete confidentiality impact.
Integrity impact (I:C): Complete integrity impact.
Availability impact (A:C): Complete availability impact.

10.0

[email protected]

OS Trackers for CVE-2004-0523

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2004-0523 not yet assigned priority: Debian including 1 source packages (krb5), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2004-0523
`redhat`	medium	—	https://access.redhat.com/security/cve/CVE-2004-0523
`ubuntu`	medium	CVE-2004-0523 medium priority: Ubuntu including 1 source packages (krb5), 4 status rows across 4 suites (dapper, edgy, feisty, upstream): released 3, needs-triage 1.	https://ubuntu.com/security/CVE-2004-0523

Affected software / configurations for CVE-2004-0523

Vendor	Product	Version	Raw CPE
mit	kerberos	1.0	cpe:2.3:a:mit:kerberos:1.0:::::::*
mit	kerberos	1.0.8	cpe:2.3:a:mit:kerberos:1.0.8:::::::*
mit	kerberos	1.2.2.beta1	cpe:2.3:a:mit:kerberos:1.2.2.beta1:::::::*
mit	kerberos_5	1.0	cpe:2.3:a:mit:kerberos_5:1.0:::::::*
mit	kerberos_5	1.0.6	cpe:2.3:a:mit:kerberos_5:1.0.6:::::::*
mit	kerberos_5	1.1	cpe:2.3:a:mit:kerberos_5:1.1:::::::*
mit	kerberos_5	1.1.1	cpe:2.3:a:mit:kerberos_5:1.1.1:::::::*
mit	kerberos_5	1.2	cpe:2.3:a:mit:kerberos_5:1.2:::::::*
mit	kerberos_5	1.2	cpe:2.3:a:mit:kerberos_5:1.2:beta1::::::
mit	kerberos_5	1.2	cpe:2.3:a:mit:kerberos_5:1.2:beta2::::::
mit	kerberos_5	1.2.1	cpe:2.3:a:mit:kerberos_5:1.2.1:::::::*
mit	kerberos_5	1.2.2	cpe:2.3:a:mit:kerberos_5:1.2.2:::::::*
mit	kerberos_5	1.2.3	cpe:2.3:a:mit:kerberos_5:1.2.3:::::::*
mit	kerberos_5	1.2.4	cpe:2.3:a:mit:kerberos_5:1.2.4:::::::*
mit	kerberos_5	1.2.5	cpe:2.3:a:mit:kerberos_5:1.2.5:::::::*
mit	kerberos_5	1.2.6	cpe:2.3:a:mit:kerberos_5:1.2.6:::::::*
mit	kerberos_5	1.2.7	cpe:2.3:a:mit:kerberos_5:1.2.7:::::::*
mit	kerberos_5	1.3	cpe:2.3:a:mit:kerberos_5:1.3:::::::*
mit	kerberos_5	1.3	cpe:2.3:a:mit:kerberos_5:1.3:alpha1::::::
mit	kerberos_5	1.3.3	cpe:2.3:a:mit:kerberos_5:1.3.3:::::::*
sgi	propack	2.4	cpe:2.3:a:sgi:propack:2.4:::::::*
sgi	propack	3.0	cpe:2.3:a:sgi:propack:3.0:::::::*
sun	seam	1.0	cpe:2.3:a:sun:seam:1.0:::::::*
sun	seam	1.0.1	cpe:2.3:a:sun:seam:1.0.1:::::::*
sun	seam	1.0.2	cpe:2.3:a:sun:seam:1.0.2:::::::*
tinysofa	tinysofa_enterprise_server	1.0	cpe:2.3:a:tinysofa:tinysofa_enterprise_server:1.0:::::::*
tinysofa	tinysofa_enterprise_server	1.0_u1	cpe:2.3:a:tinysofa:tinysofa_enterprise_server:1.0_u1:::::::*
sun	solaris	8.0	cpe:2.3:o:sun:solaris:8.0::x86:::::
sun	solaris	9.0	cpe:2.3:o:sun:solaris:9.0::sparc:::::
sun	solaris	9.0	cpe:2.3:o:sun:solaris:9.0::x86:::::
sun	sunos	5.8	cpe:2.3:o:sun:sunos:5.8:::::::*

References for CVE-2004-0523

URL	Tags
ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860
http://lwn.net/Articles/88206/
http://marc.info/?l=bugtraq&m=108612325909496&w=2
http://marc.info/?l=bugtraq&m=108619161815320&w=2
http://marc.info/?l=bugtraq&m=108619250923790&w=2
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101512-1
http://www.debian.org/security/2004/dsa-520	Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200406-21.xml
http://www.kb.cert.org/vuls/id/686862	Third Party Advisory US Government Resource
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:056
http://www.redhat.com/support/errata/RHSA-2004-236.html
http://www.securityfocus.com/bid/10448
https://exchange.xforce.ibmcloud.com/vulnerabilities/16268
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10295
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2002
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A724
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A991

URL

CVE-2004-0523

Exploit prediction scoring system (EPSS) score for CVE-2004-0523

Common vulnerability scoring system (CVSS) metrics for CVE-2004-0523

Weakness enumeration for CVE-2004-0523

OS Trackers for CVE-2004-0523

Affected software / configurations for CVE-2004-0523

References for CVE-2004-0523