Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in
/krb5/src/lib/gssapi/krb5/k5sealv3.c.
Author | Note |
---|---|
Priority reason: memory leak only unlikely to be triggered | |
mdeslaur | per upstream: “The k5sealv3.c leak affects an encoding function, and happens on a bounds check which likely cannot be triggered with any choice of memory-valid API inputs. (The bounds check was itself introduced to quash a different static analysis defect.)” |