[17096] in Kerberos-V5-bugs


[krbdev.mit.edu #9206] git commit

daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Sat Apr 18 17:49:44 2026

From: "Greg Hudson via RT" <rt-comment@krbdev.mit.edu>
In-Reply-To: 
Message-ID: <rt-4.4.3-2-3557854-1776548979-1683.9206-4-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #9206":;
Date: Sat, 18 Apr 2026 17:49:39 -0400
MIME-Version: 1.0
Reply-To: rt-comment@krbdev.mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: krb5-bugs-bounces@mit.edu
Content-Transfer-Encoding: 8bit


Sat Apr 18 17:49:39 2026: Request 9206 was acted upon.
 Transaction: Ticket created by ghudson@mit.edu
       Queue: krb5
     Subject: git commit
       Owner: ghudson@mit.edu
  Requestors: 
      Status: new
 Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9206 >



Prevent read overrun in libkdb_ldap

In berval2tl_data(), reject inputs of length less than 2 to prevent an
integer underflow and subsequent read overrun.  (The security impact
is negligible as the attacker would have to control the KDB LDAP
server.)

[ghudson@mit.edu: wrote commit message]

https://github.com/krb5/krb5/commit/2a5fd83d4436583f2ddc0e193269a4d800ee45c4
Author: Sebastián Alba <sebasjosue84@gmail.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 2a5fd83d4436583f2ddc0e193269a4d800ee45c4
Branch: master
 src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c | 3 +++
 1 file changed, 3 insertions(+)

_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
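
The bug class named in the commit message above (an unchecked "length minus 2" that wraps, followed by a copy of the wrapped length) is sketched below as an added example; it is not code from the krb5 tree or from the commit. The struct names, function names and the layout (a 2-byte big-endian type prefix and a 16-bit length field) are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for a value read from a directory server and
 * the record decoded from it; not the krb5 types. */
struct blob { size_t len; const unsigned char *val; };
struct record { uint16_t type; uint16_t length; unsigned char *contents; };

/* Assumed layout: 2-byte big-endian type, then (len - 2) payload bytes. */
#define PREFIX_LEN 2

/* Payload length as computed with no guard: the size_t subtraction wraps
 * for len 0 or 1, and the 16-bit field keeps the low bits of the result. */
uint16_t unchecked_len(const struct blob *in)
{
    return (uint16_t)(in->len - PREFIX_LEN);
}

/* Decode with the guard in place.  Returns 0 or an errno value; on error
 * out->contents is NULL. */
int decode_record(const struct blob *in, struct record *out)
{
    size_t n;

    memset(out, 0, sizeof(*out));
    /* Reject inputs too short to hold the prefix before subtracting. */
    if (in->val == NULL || in->len < PREFIX_LEN)
        return EINVAL;
    n = in->len - PREFIX_LEN;
    /* Reject payloads the 16-bit length field cannot represent. */
    if (n > UINT16_MAX)
        return EINVAL;
    out->contents = malloc(n ? n : 1);
    if (out->contents == NULL)
        return ENOMEM;
    out->type = (uint16_t)((in->val[0] << 8) | in->val[1]);
    out->length = (uint16_t)n;
    /* n is now bounded by the input, so the copy stays inside in->val. */
    memcpy(out->contents, in->val + PREFIX_LEN, n);
    return 0;
}
```

Without the length check, a 1-byte input would yield a length of 65535 and the copy would read that many bytes from a 1-byte source.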

