Skip Menu |
 

From: tlyu@mit.edu
Subject: SVN Commit

pull up rxxxxx from trunk

SPNEGO can read beyond the end of a buffer if the claimed DER length
exceeds the number of bytes in the input buffer. This can lead to
crash or information disclosure.

Thanks to Apple for reporting this vulnerability and providing
patches.

https://github.com/krb5/krb5/commit/bfe7b5f6a92129e238eae0ef5a41ff19b063f0b9
Commit By: tlyu
Revision: 22179
Changed Files:
U branches/krb5-1-6/src/lib/gssapi/spnego/spnego_mech.c