Package: libkrb5-3
Version: 1.8.3+dgsg-4squeeze7
Tags: security fixed-upstream

The build_principal_va() function uses strdup() on the supplied realm; in
the TGS-REQ processing the KDC does this on an untrusted piece of data
from the network, causing a mismatch between the length accessed and the
length allocated, which could cause the KDC process to crash.

Fixed in
https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789

-Ben
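
The mismatch the report describes, as an added example (not part of the original report and not krb5's code): copying counted data with strdup() stops at the first NUL byte while the caller-supplied length is kept, so the recorded length can exceed the allocation. The struct, function names and sample realm below are hypothetical and constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L  /* for strdup() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical counted-string type for this example (not krb5's own). */
struct counted {
    char  *data;
    size_t length;     /* bytes later code will access */
    size_t allocated;  /* bytes really allocated; kept only for the demo */
};

/* Flawed pattern: strdup() stops at the first NUL, length comes from the caller. */
static int copy_realm_strdup(const char *realm, size_t rlen, struct counted *out)
{
    out->data = strdup(realm);
    if (out->data == NULL)
        return -1;
    out->allocated = strlen(out->data) + 1;
    out->length = rlen;
    return 0;
}

/* Corrected pattern: allocate and copy exactly rlen bytes, then terminate. */
static int copy_realm_counted(const char *realm, size_t rlen, struct counted *out)
{
    out->data = malloc(rlen + 1);
    if (out->data == NULL)
        return -1;
    memcpy(out->data, realm, rlen);
    out->data[rlen] = '\0';
    out->allocated = rlen + 1;
    out->length = rlen;
    return 0;
}

/* Invariant consumers rely on: every byte in [0, length) lies inside the allocation. */
static int length_fits(const struct counted *c) { return c->length < c->allocated; }
/* Constructed sample: 11 counted bytes with an embedded NUL after "EXAMPLE". */
static const char sample_realm[] = "EXAMPLE\0COM";
static const size_t sample_len = sizeof(sample_realm) - 1;

int main(void)
{
    struct counted a, b;
    if (copy_realm_strdup(sample_realm, sample_len, &a) ||
        copy_realm_counted(sample_realm, sample_len, &b))
        return 1;
    printf("strdup:  length=%zu allocated=%zu fits=%d\n", a.length, a.allocated, length_fits(&a));
    printf("counted: length=%zu allocated=%zu fits=%d\n", b.length, b.allocated, length_fits(&b));
    free(a.data); free(b.data);
    return 0;
}
```
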
