Skip to content
This repository has been archived by the owner on Feb 28, 2024. It is now read-only.

Free() on uninitalized structure in pam_sm_acct_mgmt()

Low
kravietz published GHSA-g2hc-22vv-6x3g Apr 22, 2022

Package

pam_tacplus (C)

Affected versions

< v1.4.1

Patched versions

v1.4.1

Description

Impact

In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure, which may result on calling free() on an uninitialised pointer. Exposure is limited to a PAM client that would need to receive a malicious response from a TACACS+ server. No proof-of-concept exists.

Patches

The problem has been patched in v1.4.1 released in July 2016.

Workarounds

No.

References

Severity

Low

CVE ID

CVE-2016-20014

Weaknesses

No CWEs