CVE-2023-39975

Published: Aug 16, 2023

Modified: Feb 25, 2026

PUBLISHED

Description

kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://web.mit.edu/kerberos/www/advisories/

https://github.com/krb5/krb5/compare/krb5-1.21.1-final...krb5-1.21.2-final

https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840

https://security.netapp.com/advisory/ntap-20230915-0014/

https://security.netapp.com/advisory/ntap-20240201-0008/

https://security.netapp.com/advisory/ntap-20240201-0005/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-39975

Description

Affected Products

References