The KDC doesn’t allocate enough memory for the ‘heim_octet_string’ containing the freshness token.
This is hard to score. If there is any impact at all, it is likely to be a DoS, but there is a chance that some other thing is in the area the malloc() result pointer is written to.
Repeated testing on x86_64 Linux has not even seen a crash.
Either way, while a CVE has been requested (to ensure that everyone picks up Samba 4.19.1 next week with this in it), a new security release feels unwarranted. (I had scored this as 5.0 previously which is why this didn't get discussed, but re-scoring today I get a higher score for some reason).
Update, this requires authentication, so
This bug was referenced in samba master:
Created attachment 18156
patch for Samba 4.19
Created attachment 18158
patch v2 for Samba 4.19
Assigning to Jule for Samba 4.19.2
Pushed to autobuild-v4-19-test.
This bug was referenced in samba v4-19-test:
Closing out bug report.
This bug was referenced in samba v4-19-stable (Release samba-4.19.2):