FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

krb5 -- Integer overflow vulnerabilities in PAC parsing

Affected packages
krb5 < 1.19.3_1
1.20 < krb5 < 1.20_1
krb5-120 < 1.20_1
krb5-119 < 1.19.3_1
krb5-devel < 2022.11.03

Details

VuXML ID 094e4a5b-6511-11ed-8c5e-206a8a720317
Discovery 2022-11-05
Entry 2022-11-15

MITKRB5-SA-2022-001 Vulnerabilities in PAC parsing:

Due to an integer overflow vulnerabilities in PAC parsing An authenticated attacker may be able to cause a KDC or kadmind process to crash by reading beyond the bounds of allocated memory, creating a denial of service.

On 32-bit platforms an authenticated attacker may be able to cause heap corruption resulting in an RCE.

References

CVE Name CVE-2022-42898
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42898