rocket-tools/riscv-gnu-toolchain/qemu/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/krb5.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Greg Hudson <ghudson@mit.edu>	2023-06-21 10:57:39 -0400
committer	Greg Hudson <ghudson@mit.edu>	2023-07-06 17:15:08 -0400
commit	c81ffb6c8578a9b55c9d0a10342b5bc1bc6ec4df (patch)
tree	134c7c37c8115849fe37636cff91a63b325fbe5d /src/windows/version.rc
parent	5c2f26a24235228a436e7a03bb567a1269db71f2 (diff)
download	krb5-c81ffb6c8578a9b55c9d0a10342b5bc1bc6ec4df.zip krb5-c81ffb6c8578a9b55c9d0a10342b5bc1bc6ec4df.tar.gz krb5-c81ffb6c8578a9b55c9d0a10342b5bc1bc6ec4df.tar.bz2

Ensure array count consistency in kadm5 RPC

In _xdr_kadm5_principal_ent_rec(), ensure that n_key_data matches the key_data array count when decoding. Otherwise when the structure is later freed, xdr_array() could iterate over the wrong number of elements, either leaking some memory or freeing uninitialized pointers. Reported by Robert Morris. CVE-2023-36054: An authenticated attacker can cause a kadmind process to crash by freeing uninitialized pointers. Remote code execution is unlikely. An attacker with control of a kadmin server can cause a kadmin client to crash by freeing uninitialized pointers. (cherry picked from commit ef08b09c9459551aabbe7924fb176f1583053cdd) ticket: 9099 version_fixed: 1.20.2

Diffstat (limited to 'src/windows/version.rc')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: