摘要:
kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.
安全等级: Low
公告ID: KylinSec-SA-2024-1101
发布日期: 2024年2月26日
关联CVE: CVE-2023-39975
kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2023-39975 | KY3.4-4A | krb5 | Unaffected |
| CVE-2023-39975 | KY3.4-5A | krb5 | Unaffected |
| CVE-2023-39975 | KY3.5.1 | krb5 | Unaffected |
| CVE-2023-39975 | KY3.5.2 | krb5 | Unaffected |
