CVE-2023-39975
Published 2023-08-16
CVE-2023-39975: kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data…
Priority: P3 · 49 · high · 8.8 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.23% (65.2th percentile)
kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | — | — |
| mit | kerberos_5 | >= 1.21 < 1.21.2 | 1.21.2 |
CVSS provenance
nvd · v3.1 · 8.8 · HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_debian · 8.8 · LOW
vendor_oracle · 8.8 · HIGH
vendor_redhat · 8.8 · HIGH
Oracle
Oracle Oracle MySQL Risk Matrix: Cluster: General (Kerberos) — CVE-2023-39975
vendor_oracle·2024-01-15·CVSS 8.8
CVE-2023-39975 [HIGH] Oracle Oracle MySQL Risk Matrix: Cluster: General (Kerberos) — CVE-2023-39975
Oracle Oracle MySQL Risk Matrix: Cluster: General (Kerberos) vulnerability
CVE: CVE-2023-39975
CVSS: 8.8
Protocol: Multiple
Remote exploit: No
Affected versions: Network
Advisory: cpujan2024 (JAN 2024)
Red Hat
krb5: double-free in KDC TGS processing
vendor_redhat·2023-08-16·CVSS 8.8
CVE-2023-39975 [HIGH] CWE-415 krb5: double-free in KDC TGS processing
A vulnerability was found in MIT krb5, where an authenticated attacker can cause a KDC to free the same pointer twice if it can induce a failure in authorization data handling.
Statement: This vulnerability is rated as Important because a double-free vulnerability was found in krb5 KDC within the TGS processing logic. The flaw is triggered when an authenticated attacker sends a TGS renew or validate request that induces a failure in authorization data handling. This action causes the same memory pointer to be freed tw
Debian
CVE-2023-39975: krb5 - kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double fr...
vendor_debian·2023·CVSS 8.8
CVE-2023-39975 [HIGH] CVE-2023-39975: krb5 - kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double fr...
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-4grv-wgvh-8x82: kdc/do_tgs_req
ghsa_unreviewed·2023-08-16
CVE-2023-39975 [HIGH] CWE-415 GHSA-4grv-wgvh-8x82: kdc/do_tgs_req
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840
https://github.com/krb5/krb5/compare/krb5-1.21.1-final...krb5-1.21.2-final
https://security.netapp.com/advisory/ntap-20230915-0014/
https://security.netapp.com/advisory/ntap-20240201-0005/
https://security.netapp.com/advisory/ntap-20240201-0008/
https://web.mit.edu/kerberos/www/advisories/
Published: 2023-08-16