CVE-2023-39975

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 16, 2023
Updated: Feb 1, 2024
CWE ID 415

Summary

CVE-2023-39975 is a double free (CWE-415) in the kdc/do_tgs_req.c file of MIT Kerberos 5 (krb5), affecting versions 1.21 and below. The flaw is reachable when an authenticated user triggers an authorization-data handling failure, after which incorrect data is copied from one ticket to another. Attackers could exploit this flaw to execute arbitrary code or gain unauthorized access to sensitive information. System administrators are urged to update to the latest version of MIT Kerberos to mitigate this risk.
