upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-04 06:15:33 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/crypto/heimdal/lib/gssapi
History
Cy Schubert 5b7c923d95 heimdal: Fix NULL deref 
A flawed logical condition allows a malicious actor to remotely
trigger a NULL pointer dereference using a crafted negTokenInit
token.

Upstream notes:

    Reported to Heimdal by Michał Kępień <michal@isc.org>.

    From the report:

    Acknowledgement
    ---------------

    This flaw was found while working on addressing ZDI-CAN-12302: ISC BIND
    TKEY Query Heap-based Buffer Overflow Remote Code Execution
    Vulnerability, which was reported to ISC by Trend Micro's Zero Day

Security:	CVE-2022-3116
Obtained from:	upstream 7a19658c1

(cherry picked from commit fc773115fa)
2024-02-21 05:42:58 -08:00
..
gssapi
krb5 heimdal: Fix CVE-2022-4152, signature validation error 2023-03-09 17:18:49 -08:00
mech heimdal: Fix multiple security vulnerabilities 2022-11-15 13:12:37 -08:00
ntlm heimdal: Fix multiple security vulnerabilities 2022-11-15 13:12:37 -08:00
spnego heimdal: Fix NULL deref 2024-02-21 05:42:58 -08:00
ChangeLog
gss-commands.in
gss_acquire_cred.3
gssapi.3
gssapi.h
gssapi_mech.h
gsstool.c
Makefile.am
Makefile.in
test_acquire_cred.c
test_common.c
test_common.h
test_context.c
test_cred.c
test_kcred.c
test_names.c
test_ntlm.c
test_oid.c
version-script.map