{"id":"CVE-2023-39975","details":"kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.","modified":"2026-05-01T04:20:28.219837Z","published":"2023-08-16T00:00:00Z","related":["ALSA-2023:6699","openSUSE-SU-2024:13527-1"],"database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/39xxx/CVE-2023-39975.json"},"references":[{"type":"WEB","url":"https://github.com/krb5/krb5/compare/krb5-1.21.1-final...krb5-1.21.2-final"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/39xxx/CVE-2023-39975.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39975"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230915-0014/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240201-0005/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240201-0008/"},{"type":"ADVISORY","url":"https://web.mit.edu/kerberos/www/advisories/"},{"type":"FIX","url":"https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/krb5/krb5","events":[{"introduced":"7efe9fc3551f0e1368fb6b7832161ebad942ed72"},{"fixed":"835f6e3d819beb7ee1046f01afb284b54ad54c5f"},{"fixed":"88a1701b423c13991a8064feeb26952d3641d840"}],"database_specific":{"extracted_events":[{"introduced":"1.21"},{"fixed":"1.21.2"}],"source":["CPE_FIELD","REFERENCES"],"cpe":"cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*"}}],"versions":["krb5-1.21-final","krb5-1.21.1-final"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-39975.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}