
CVE-2017-11462

Published: 13/09/2017 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Double free vulnerability in MIT Kerberos 5 (aka krb5) allows malicious users to have unspecified impact via vectors involving automatic deletion of security contexts on error.

Vulnerable Product

mit kerberos 5 1.14

mit kerberos 5 1.14.1

mit kerberos 5 1.14.2

mit kerberos 5 1.14.3

mit kerberos 5 1.14.4

mit kerberos 5 1.14.5

mit kerberos 5 1.15

mit kerberos 5 1.15.1

fedoraproject fedora 26

fedoraproject fedora 25

Vendor Advisories

Debian Bug report logs - #873563 CVE-2017-11462 -- automatic sec context deletion could lead to double-free Package: libgssapi-krb5-2; Maintainer for libgssapi-krb5-2 is Sam Hartman <hartmans@debian.org>; Source for libgssapi-krb5-2 is src:krb5 Reported by: Benjamin Kaduk <kaduk@mit.edu> Date: T ...
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error ...
A double free vulnerability has been discovered in MIT Kerberos 5 (aka krb5) allowing attackers to crash the application or possibly execute arbitrary code via vectors involving automatic deletion of security contexts on error ...