CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2023-39975 – krb5: double-free in KDC TGS processing
https://notcve.org/view.php?id=CVE-2023-39975
16 Aug 2023 — kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another. kdc/do_tgs_req.c en MIT Kerberos 5 (también conocido como krb5) 1.21 antes de 1.21.2 tiene un double free que es accesible si un usuario autenticado puede desencadenar un error de gestión de datos de autorización. Los datos incorrectos se copian de un ticket a otro. A vulnerabilit... • https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840 • CWE-415: Double Free •
CVSS: 6.8EPSS: 2%CPEs: 9EXPL: 0CVE-2023-36054 – krb5: Denial of service through freeing uninitialized pointer
https://notcve.org/view.php?id=CVE-2023-36054
07 Aug 2023 — lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count. A vulnerability was found in the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (krb5). This issue occurs due to lack of validation in the relationship betwee... • https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd • CWE-824: Access of Uninitialized Pointer •