FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
094e4a5b-6511-11ed-8c5e-206a8a720317krb5 -- Integer overflow vulnerabilities in PAC parsing

MITKRB5-SA-2022-001 Vulnerabilities in PAC parsing:

Due to an integer overflow vulnerabilities in PAC parsing An authenticated attacker may be able to cause a KDC or kadmind process to crash by reading beyond the bounds of allocated memory, creating a denial of service.

On 32-bit platforms an authenticated attacker may be able to cause heap corruption resulting in an RCE.


Discovery 2022-11-05
Entry 2022-11-15
krb5
< 1.19.3_1

> 1.20 lt 1.20_1

krb5-120
< 1.20_1

krb5-119
< 1.19.3_1

krb5-devel
< 1.20.2022.11.03

CVE-2022-42898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42898
a6986f0f-3ac0-11ee-9a88-206a8a720317krb5 -- Double-free in KDC TGS processing

SO-AND-SO reports:

When issuing a ticket for a TGS renew or validate request, copy only the server field from the outer part of the header ticket to the new ticket. Copying the whole structure causes the enc_part pointer to be aliased to the header ticket until krb5_encrypt_tkt_part() is called, resulting in a double-free if handle_authdata() fails..


Discovery 2023-08-07
Entry 2023-08-14
krb5
< 1.21.1_1

krb5-121
< 1.21.1_1

krb5-devel
< 1.22.2023.08.07

CVE-2023-39975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39975