upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-08 16:22:46 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/crypto/heimdal/lib/gssapi/spnego
History
Cy Schubert 5b7c923d95 heimdal: Fix NULL deref 
A flawed logical condition allows a malicious actor to remotely
trigger a NULL pointer dereference using a crafted negTokenInit
token.

Upstream notes:

    Reported to Heimdal by Michał Kępień <michal@isc.org>.

    From the report:

    Acknowledgement
    ---------------

    This flaw was found while working on addressing ZDI-CAN-12302: ISC BIND
    TKEY Query Heap-based Buffer Overflow Remote Code Execution
    Vulnerability, which was reported to ISC by Trend Micro's Zero Day

Security:	CVE-2022-3116
Obtained from:	upstream 7a19658c1

(cherry picked from commit fc773115fa)
2024-02-21 05:42:58 -08:00
..
accept_sec_context.c
compat.c
context_stubs.c
cred_stubs.c
external.c
init_sec_context.c
spnego-private.h
spnego.asn1
spnego.opt
spnego_locl.h