FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
094e4a5b-6511-11ed-8c5e-206a8a720317	krb5 -- Integer overflow vulnerabilities in PAC parsing MITKRB5-SA-2022-001 Vulnerabilities in PAC parsing: Due to an integer overflow vulnerabilities in PAC parsing An authenticated attacker may be able to cause a KDC or kadmind process to crash by reading beyond the bounds of allocated memory, creating a denial of service. On 32-bit platforms an authenticated attacker may be able to cause heap corruption resulting in an RCE. Discovery 2022-11-05 Entry 2022-11-15 krb5 < 1.19.3_1 > 1.20 lt 1.20_1 krb5-120 < 1.20_1 krb5-119 < 1.19.3_1 krb5-devel < 1.20.2022.11.03 CVE-2022-42898 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42898
a6986f0f-3ac0-11ee-9a88-206a8a720317	krb5 -- Double-free in KDC TGS processing SO-AND-SO reports: When issuing a ticket for a TGS renew or validate request, copy only the server field from the outer part of the header ticket to the new ticket. Copying the whole structure causes the enc_part pointer to be aliased to the header ticket until krb5_encrypt_tkt_part() is called, resulting in a double-free if handle_authdata() fails.. Discovery 2023-08-07 Entry 2023-08-14 krb5 < 1.21.1_1 krb5-121 < 1.21.1_1 krb5-devel < 1.22.2023.08.07 CVE-2023-39975 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39975

VuXML ID

Description

094e4a5b-6511-11ed-8c5e-206a8a720317

krb5 -- Integer overflow vulnerabilities in PAC parsing

MITKRB5-SA-2022-001 Vulnerabilities in PAC parsing:

Due to an integer overflow vulnerabilities in PAC parsing An authenticated attacker may be able to cause a KDC or kadmind process to crash by reading beyond the bounds of allocated memory, creating a denial of service.

On 32-bit platforms an authenticated attacker may be able to cause heap corruption resulting in an RCE.

Discovery 2022-11-05
Entry 2022-11-15
krb5

< 1.19.3_1

> 1.20 lt 1.20_1

krb5-120

< 1.20_1

krb5-119

< 1.19.3_1

krb5-devel

< 1.20.2022.11.03

CVE-2022-42898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42898

a6986f0f-3ac0-11ee-9a88-206a8a720317

krb5 -- Double-free in KDC TGS processing

SO-AND-SO reports:

When issuing a ticket for a TGS renew or validate request, copy only the server field from the outer part of the header ticket to the new ticket. Copying the whole structure causes the enc_part pointer to be aliased to the header ticket until krb5_encrypt_tkt_part() is called, resulting in a double-free if handle_authdata() fails..

Discovery 2023-08-07
Entry 2023-08-14
krb5

< 1.21.1_1

krb5-121

< 1.21.1_1

krb5-devel

< 1.22.2023.08.07

CVE-2023-39975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39975