CVE-2023-39975

Name of the Vulnerable Software and Affected Versions MIT Kerberos 5 (aka krb5) versions 1.21 through 1.21.1 MySQL Server versions 8.0.34 and earlier, 8.1.0 and earlier

Description The issue is related to a double free in the kdc/do tgs req.c file of MIT Kerberos 5, which can be triggered by an authenticated user causing an authorization-data handling failure, resulting in incorrect data being copied from one ticket to another. For MySQL Server, the vulnerability allows a high-privileged attacker with network access to compromise the server, potentially causing a hang or crash.

Recommendations For MIT Kerberos 5 versions 1.21 through 1.21.1, update to version 1.21.2 or later. For MySQL Server versions 8.0.34 and earlier, 8.1.0 and earlier, update to a version later than 8.0.34 and 8.1.0 respectively.