Updated: MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol

Nalin Dahyabhai nalin at redhat.com
Fri Mar 21 19:32:48 EST 2003

Is anyone else seeing what look like double-frees in krb524d using the
patch for 1.2.0?  It looks like v5tkt->enc_part2 is freed around line
374, and because the pointer isn't zeroed, another attempt to free it is
made in when krb5_free_ticket() call a few lines later.



More information about the krbdev mailing list