CVE-2023-39975

kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840	Patch
https://github.com/krb5/krb5/compare/krb5-1.21.1-final...krb5-1.21.2-final	Patch
https://security.netapp.com/advisory/ntap-20230915-0014/
https://security.netapp.com/advisory/ntap-20240201-0005/
https://security.netapp.com/advisory/ntap-20240201-0008/
https://web.mit.edu/kerberos/www/advisories/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*

History

01 Feb 2024, 17:15

Type	Values Removed	Values Added
References		() https://security.netapp.com/advisory/ntap-20240201-0005/ - () https://security.netapp.com/advisory/ntap-20240201-0008/ -

Information

Published : 2023-08-16 15:15

Updated : 2024-02-01 17:15

NVD link : CVE-2023-39975

Mitre link : CVE-2023-39975

CVE.ORG link : CVE-2023-39975

JSON object : View

Products Affected

mit

kerberos_5

CWE

CWE-415

Double Free

{"id": "CVE-2023-39975", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-08-16T15:15:11.277", "references": [{"url": "https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://github.com/krb5/krb5/compare/krb5-1.21.1-final...krb5-1.21.2-final", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://security.netapp.com/advisory/ntap-20230915-0014/", "source": "cve@mitre.org"}, {"url": "https://security.netapp.com/advisory/ntap-20240201-0005/", "source": "cve@mitre.org"}, {"url": "https://security.netapp.com/advisory/ntap-20240201-0008/", "source": "cve@mitre.org"}, {"url": "https://web.mit.edu/kerberos/www/advisories/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-415"}]}], "descriptions": [{"lang": "en", "value": "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another."}, {"lang": "es", "value": "kdc/do_tgs_req.c en MIT Kerberos 5 (tambi\u00e9n conocido como krb5) 1.21 antes de 1.21.2 tiene un double free que es accesible si un usuario autenticado puede desencadenar un error de gesti\u00f3n de datos de autorizaci\u00f3n. Los datos incorrectos se copian de un ticket a otro."}], "lastModified": "2024-02-01T17:15:08.610", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA50866D-BAAB-46DD-A6AC-8F8539414285", "versionEndExcluding": "1.21.2", "versionStartIncluding": "1.21"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}