system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-03 08:49:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
fc773115fa
freebsd-src/crypto
History
Cy Schubert fc773115fa heimdal: Fix NULL deref 
A flawed logical condition allows a malicious actor to remotely
trigger a NULL pointer dereference using a crafted negTokenInit
token.

Upstream notes:

    Reported to Heimdal by Michał Kępień <michal@isc.org>.

    From the report:

    Acknowledgement
    ---------------

    This flaw was found while working on addressing ZDI-CAN-12302: ISC BIND
    TKEY Query Heap-based Buffer Overflow Remote Code Execution
    Vulnerability, which was reported to ISC by Trend Micro's Zero Day

Security:	CVE-2022-3116
Obtained from:	upstream 7a19658c1
MFC after:	1 week
2024-02-15 13:27:55 -08:00
..
heimdal heimdal: Fix NULL deref 2024-02-15 13:27:55 -08:00
openssh ssh: Update to OpenSSH 9.6p1 2024-01-04 22:16:30 -05:00
openssl OpenSSL: Update date string 2024-02-05 12:09:08 -08:00
README Two more $FreeBSD$ stragglers 2023-08-25 15:14:19 -06:00

README 

This directory is for the EXACT same use as src/contrib, except it
holds crypto sources.  In other words, this holds raw sources obtained
from various third party vendors, with FreeBSD patches applied.  No
compilation is done from this directory, it is all done from the
src/secure directory.  The separation between src/contrib and src/crypto
is the result of an old USA law, which made these sources export
controlled, so they had to be kept separate.