cvelist | Mitre | CVELIST:CVE-2023-39975
History: Aug 16, 2023 - 12:00 a.m.

CVE-2023-39975

2023-08-16 00:00:00
mitre
www.cve.org
mit kerberos
1.21.2
double free vulnerability
authorization-data handling failure
data copying

AI Score: 8.7 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 41.3%)

kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.