CVE-2023-39975 – krb5: double-free in KDC TGS processing
https://notcve.org/view.php?id=CVE-2023-39975
kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.
A vulnerability was found in MIT krb5, where an authenticated attacker can cause a KDC to free the same pointer twice if it can induce a failure in authorization data handling.
• https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840
• https://github.com/krb5/krb5/compare/krb5-1.21.1-final...krb5-1.21.2-final
• https://security.netapp.com/advisory/ntap-20230915-0014
• https://security.netapp.com/advisory/ntap-20240201-0005
• https://security.netapp.com/advisory/ntap-20240201-0008
• https://web.mit.edu/kerberos/www/advisories
• https://access.redhat.com/security/cve/CVE-2023-39975
• https://bugzilla.redhat.com/show_bug.cgi?id=2232682
• CWE-415: Double Free
CVE-2023-36054 – krb5: Denial of service through freeing uninitialized pointer
https://notcve.org/view.php?id=CVE-2023-36054
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.
A vulnerability was found in the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (krb5). This issue occurs due to lack of validation in the relationship between n_key_data and the key_data array count, leading to the freeing of uninitialized pointers.
• https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd
• https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final
• https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final
• https://lists.debian.org/debian-lts-announce/2023/10/msg00031.html
• https://security.netapp.com/advisory/ntap-20230908-0004
• https://web.mit.edu/kerberos/www/advisories
• https://access.redhat.com/security/cve/CVE-2023-36054
• https://bugzilla.redhat.com
• CWE-824: Access of Uninitialized Pointer