You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
An incorrect free when decoding target information can trigger a denial of service.
Details
The error condition incorrectly assumed the cb and sh buffers would contain a copy of the data that needed to be freed. However that is not the case.
Impact
This vulnerability can be triggered via the main gss_accept_sec_context entry point. This will likely trigger an assertion failure in free, causing a denial-of-service.
philipturnbull Reporter
Summary
An incorrect free when decoding target information can trigger a denial of service.
Details
The error condition incorrectly assumed the
cbandshbuffers would contain a copy of the data that needed to be freed. However that is not the case.Impact
This vulnerability can be triggered via the main
gss_accept_sec_contextentry point. This will likely trigger an assertion failure infree, causing a denial-of-service.