Diffusion FreeBSD src repository 88bdc4bb60df

heimdal: Fix NULL deref
88bdc4bb60df
Actions

Description

heimdal: Fix NULL deref

A flawed logical condition allows a malicious actor to remotely
trigger a NULL pointer dereference using a crafted negTokenInit
token.

Upstream notes:

Reported to Heimdal by Michał Kępień <michal@isc.org>.

From the report:

Acknowledgement
---------------

This flaw was found while working on addressing ZDI-CAN-12302: ISC BIND
TKEY Query Heap-based Buffer Overflow Remote Code Execution
Vulnerability, which was reported to ISC by Trend Micro's Zero Day

Security: CVE-2022-3116
Obtained from: upstream 7a19658c1
MFS requested by: re (cperciva)
Approved by: re (cperciva)

(cherry picked from commit fc773115fa2dbb6c01377f2ed47dabf79a4e361a)
(cherry picked from commit 6b421e431a2de6eb9e8bd670efffe76e6617d520)

Details

Provenance

cy	Authored on Feb 15 2024, 3:41 PM

Parents

rG9f2e70a87d6e: heimdal: always confirm PA-PKINIT-KX for anon PKINIT

Branches

Unknown

Tags

Unknown

Event Timeline

cy committed rG88bdc4bb60df: heimdal: Fix NULL deref (authored by cy).Feb 21 2024, 2:01 PM

Changes (1)

Path

Size

crypto/

heimdal/

lib/

gssapi/

spnego/

accept_sec_context.c

rG88bdc4bb60df

View Options

crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c