8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
41.4%
libkrb5.so is vulnerable to Double Free. The vulnerability exists due to a failure in authorization data handling in the do_tgs_req.c
, which allows an attacker to cause the Key Distribution Center (KDC) to free the same pointer twice when incorrect data is copied from one ticket to another.
CPE | Name | Operator | Version |
---|---|---|---|
libkrb5.so | eq | 3.3 | |
libkrb5.so | eq | 3.3 |
github.com/advisories/GHSA-4grv-wgvh-8x82
github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840
github.com/krb5/krb5/commit/f4dcb7e442e0f314db5b4f7449aa101cbb28bdd4
github.com/krb5/krb5/compare/krb5-1.21.1-final...krb5-1.21.2-final
github.com/krb5/krb5/pull/1312
security.netapp.com/advisory/ntap-20230915-0014/
security.netapp.com/advisory/ntap-20240201-0005/
security.netapp.com/advisory/ntap-20240201-0008/
web.mit.edu/kerberos/www/advisories/