[Midnightbsd-cvs] [MidnightBSD/src] b89fd8: heimdal: Fix NULL deref
Cy Schubert
noreply at github.com
Thu Mar 28 08:44:52 EDT 2024
Branch: refs/heads/master
Home: https://github.com/MidnightBSD/src
Commit: b89fd8030614e835e5d8408eb0b344cc14263acb
https://github.com/MidnightBSD/src/commit/b89fd8030614e835e5d8408eb0b344cc14263acb
Author: Cy Schubert <cy at FreeBSD.org>
Date: 2024-03-28 (Thu, 28 Mar 2024)
Changed paths:
M crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c
Log Message:
-----------
heimdal: Fix NULL deref
A flawed logical condition allows a malicious actor to remotely
trigger a NULL pointer dereference using a crafted negTokenInit
token.
Upstream notes:
Reported to Heimdal by Michał Kępień <michal at isc.org>.
From the report:
Acknowledgement
---------------
This flaw was found while working on addressing ZDI-CAN-12302: ISC BIND
TKEY Query Heap-based Buffer Overflow Remote Code Execution
Vulnerability, which was reported to ISC by Trend Micro's Zero Day
Security: CVE-2022-3116
Obtained from: upstream 7a19658c1
(cherry picked from commit fc773115fa2dbb6c01377f2ed47dabf79a4e361a)
(cherry picked from commit 6b421e431a2de6eb9e8bd670efffe76e6617d520)