Description
kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.
Release | Status | Note |
---|---|---|
bionic | ignored | end of standard support |
devel | not-affected | code not present |
esm-infra-legacy/trusty | not-affected | code not present |
esm-infra/bionic | not-affected | code not present |
esm-infra/focal | not-affected | code not present |
esm-infra/xenial | not-affected | code not present |
focal | not-affected | code not present |
jammy | not-affected | code not present |
lunar | not-affected | code not present |
trusty | ignored | end of standard support |
CVSS3: 8.8 High
Related vulnerabilities
ELSA-2023-6699: krb5 security and bug fix update (MODERATE)