FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

krb5 -- Double-free in KDC TGS processing

Affected packages
krb5 < 1.21.1_1
krb5-121 < 1.21.1_1
krb5-devel < 1.22.2023.08.07

Details

VuXML ID a6986f0f-3ac0-11ee-9a88-206a8a720317
Discovery 2023-08-07
Entry 2023-08-14

SO-AND-SO reports:

When issuing a ticket for a TGS renew or validate request, copy only the server field from the outer part of the header ticket to the new ticket. Copying the whole structure causes the enc_part pointer to be aliased to the header ticket until krb5_encrypt_tkt_part() is called, resulting in a double-free if handle_authdata() fails..

[source]

References

CVE Name CVE-2023-39975
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39975

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.