{"id":"CVE-2023-39975","details":"kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.","modified":"2026-04-12T05:13:27.009936Z","published":"2023-08-16T15:15:11.277Z","related":["ALSA-2023:6699","openSUSE-SU-2024:13527-1"],"references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230915-0014/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240201-0005/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240201-0008/"},{"type":"ADVISORY","url":"https://web.mit.edu/kerberos/www/advisories/"},{"type":"FIX","url":"https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840"},{"type":"FIX","url":"https://github.com/krb5/krb5/compare/krb5-1.21.1-final...krb5-1.21.2-final"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/krb5/krb5","events":[{"introduced":"7efe9fc3551f0e1368fb6b7832161ebad942ed72"},{"fixed":"835f6e3d819beb7ee1046f01afb284b54ad54c5f"},{"fixed":"88a1701b423c13991a8064feeb26952d3641d840"}],"database_specific":{"versions":[{"introduced":"1.21"},{"fixed":"1.21.2"}]}}],"versions":["krb5-1.21-final","krb5-1.21.1-final"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-39975.json","vanir_signatures":[{"signature_type":"Function","target":{"function":"tgs_issue_ticket","file":"src/kdc/do_tgs_req.c"},"source":"https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840","signature_version":"v1","deprecated":false,"id":"CVE-2023-39975-cda3b428","digest":{"function_hash":"320454298178522418562667310032970752216","length":4719}},{"signature_type":"Line","target":{"file":"src/kdc/do_tgs_req.c"},"source":"https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840","signature_version":"v1","deprecated":false,"id":"CVE-2023-39975-d6bbdbab","digest":{"line_hashes":["249527239416159802841043011231302665113","298421117556655566649449782382697694538","158274467088385907000702346063051540256","223905517715603812869864634685656201230"],"threshold":0.9}}],"vanir_signatures_modified":"2026-04-12T05:13:27Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}