
heimdal: Fix NULL deref

Description

heimdal: Fix NULL deref

A flawed logical condition allows a malicious actor to remotely
trigger a NULL pointer dereference using a crafted negTokenInit
token.

Upstream notes:

Reported to Heimdal by Michał Kępień <michal@isc.org>.

From the report:

Acknowledgement
---------------

This flaw was found while working on addressing ZDI-CAN-12302: ISC BIND
TKEY Query Heap-based Buffer Overflow Remote Code Execution
Vulnerability, which was reported to ISC by Trend Micro's Zero Day

Security: CVE-2022-3116
Obtained from: upstream 7a19658c1

(cherry picked from commit fc773115fa2dbb6c01377f2ed47dabf79a4e361a)

Details

Provenance
cy authored on Feb 15 2024, 3:41 PM
Parents
rGa311b9d70863: heimdal: always confirm PA-PKINIT-KX for anon PKINIT