CVE-2023-39975
16.08.2023, 15:15
kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mit | kerberos_5 | 1.21 ≤ 𝑥 < 1.21.2 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Red Hat Enterprise Linux Releases
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| krb5-debuginfo |
| ||
| krb5-debugsource |
| ||
| krb5-devel |
| ||
| krb5-libs |
| ||
| krb5-libs-debuginfo |
| ||
| krb5-pkinit |
| ||
| krb5-pkinit-debuginfo |
| ||
| krb5-server |
| ||
| krb5-server-debuginfo |
| ||
| krb5-server-ldap |
| ||
| krb5-server-ldap-debuginfo |
| ||
| krb5-workstation |
| ||
| krb5-workstation-debuginfo |
| ||
| libkadm5 |
| ||
| libkadm5-debuginfo |
|
Common Weakness Enumeration
References