4 matches found
K000138461: MIT Kerberos 5 vulnerability CVE-2023-39975
Security Advisory Description: kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another. CVE-2023-39975. Impact: There is no impact...
CVE-2021-37750
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field...
CVE-2021-37750
CVE-2021-37750 is a vulnerability in MIT Kerberos 5 (krb5) where the Key Distribution Center (KDC) can suffer a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. Affected releases include krb5 before 1.18.5 and 1.19.x before 1.19.3. The issue can cause ...
Null pointer dereference
The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the...