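kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another. The signatures below target the function tgs_issue_ticket in src/kdc/do_tgs_req.c and cite the upstream krb5 commit 88a1701b423c13991a8064feeb26952d3641d840 as their source.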
{ "vanir_signatures": [ { "digest": { "function_hash": "320454298178522418562667310032970752216", "length": 4719.0 }, "deprecated": false, "signature_type": "Function", "source": "https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840", "id": "CVE-2023-39975-cda3b428", "signature_version": "v1", "target": { "file": "src/kdc/do_tgs_req.c", "function": "tgs_issue_ticket" } }, { "digest": { "threshold": 0.9, "line_hashes": [ "249527239416159802841043011231302665113", "298421117556655566649449782382697694538", "158274467088385907000702346063051540256", "223905517715603812869864634685656201230" ] }, "deprecated": false, "signature_type": "Line", "source": "https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840", "id": "CVE-2023-39975-d6bbdbab", "signature_version": "v1", "target": { "file": "src/kdc/do_tgs_req.c" } } ] }