GSD-2023-39975
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-39975",
"id": "GSD-2023-39975"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-39975"
],
"details": "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.",
"id": "GSD-2023-39975",
"modified": "2023-12-13T01:20:33.234415Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2023-39975",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web.mit.edu/kerberos/www/advisories/",
"refsource": "MISC",
"url": "https://web.mit.edu/kerberos/www/advisories/"
},
{
"name": "https://github.com/krb5/krb5/compare/krb5-1.21.1-final...krb5-1.21.2-final",
"refsource": "MISC",
"url": "https://github.com/krb5/krb5/compare/krb5-1.21.1-final...krb5-1.21.2-final"
},
{
"name": "https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840",
"refsource": "CONFIRM",
"url": "https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840"
},
{
"name": "https://security.netapp.com/advisory/ntap-20230915-0014/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20230915-0014/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20240201-0008/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20240201-0008/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20240201-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20240201-0005/"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA50866D-BAAB-46DD-A6AC-8F8539414285",
"versionEndExcluding": "1.21.2",
"versionStartIncluding": "1.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another."
},
{
"lang": "es",
"value": "kdc/do_tgs_req.c en MIT Kerberos 5 (tambi\u00e9n conocido como krb5) 1.21 antes de 1.21.2 tiene un double free que es accesible si un usuario autenticado puede desencadenar un error de gesti\u00f3n de datos de autorizaci\u00f3n. Los datos incorrectos se copian de un ticket a otro."
}
],
"id": "CVE-2023-39975",
"lastModified": "2024-02-01T17:15:08.610",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-16T15:15:11.277",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/krb5/krb5/compare/krb5-1.21.1-final...krb5-1.21.2-final"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20230915-0014/"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20240201-0005/"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20240201-0008/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://web.mit.edu/kerberos/www/advisories/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…