CVE-2017-11462
Published 2017-09-13
Priority: P342 · critical · 9.8 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 5.48% (91.8th percentile)
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.15.2-1 (bookworm) | krb5 1.15.2-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.15.2-1 | 1.15.2-1 |
| mit | krb5 | >= 0 < 1.15.2-1 | 1.15.2-1 |
| mit | krb5 | >= 0 < 1.15.2-1 | 1.15.2-1 |
| mit | krb5 | >= 0 < 1.15.2-1 | 1.15.2-1 |
CVSS provenance
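| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 9.8 | LOW | |
| vendor_redhat | | 9.8 | CRITICAL | |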
Red Hat
krb5: Automatic sec context deletion could lead to double-free
vendor_redhat · 2017-08-28 · CVSS 9.8
CVE-2017-11462 [CRITICAL] CWE-416
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.
Package: krb5 (Red Hat Enterprise Linux 5) - Will not fix
Package: krb5 (Red Hat Enterprise Linux 6) - Will not fix
Package: krb5 (Red Hat Enterprise Linux 7) - Will not fix
Package: krb5 (Red Hat JBoss Enterprise Application Platform 6) - Will not fix
Package: krb5 (Red Hat JBoss Enterprise Web Server 2) - Will not fix
Package: krb5 (Red Hat JBoss Enterprise Web Server 3) - Will not fix
Debian
CVE-2017-11462: krb5
vendor_debian · 2017 · CVSS 9.8
CVE-2017-11462 [CRITICAL]
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.
Scope: local
bookworm: resolved (fixed in 1.15.2-1)
bullseye: resolved (fixed in 1.15.2-1)
forky: resolved (fixed in 1.15.2-1)
sid: resolved (fixed in 1.15.2-1)
trixie: resolved (fixed in 1.15.2-1)
GHSA
GHSA-rr2f-jhmq-594w
ghsa_unreviewed · 2022-05-13
CVE-2017-11462 [CRITICAL] CWE-415
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.
OSV
CVE-2017-11462
osv · 2017-09-13 · CVSS 9.8
CVE-2017-11462 [CRITICAL]
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-11462 krb5: Automatic sec context deletion could lead to double-free
bugzilla · 2017-09-06 · CVSS 9.8
CVE-2017-11462 [CRITICAL]
RFC 2744 permits a GSS-API implementation to delete an existing security context on a second or subsequent call to gss_init_sec_context() or gss_accept_sec_context() if the call results in an error. This API behavior has been found to be dangerous, leading to the possibility of memory errors in some callers. For safety, GSS-API implementations should instead preserve existing security contexts on error until the caller deletes them.
References:
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598
Upstream patch:
https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf
Discussion:
Created krb5 tracking bugs for this issue:
Affects: fedora-all [bug 1488874]
---
Analysis:
The problem e
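The caller-side hazard behind the RFC 2744 behaviour described in the Bugzilla entry above, as an added example (not krb5 code and not part of the original report). `mock_init`, `release`, `run_handshake` and the two caller patterns are hypothetical, and releases are counted rather than passed to `free()`; a caller that cleans up through a saved copy of the handle releases the context twice when the implementation deletes on error, and once when the context is preserved.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the RFC 2744 behaviour; not krb5 code. release()
 * counts calls instead of calling free(), so a double release is visible. */
typedef struct { int releases; } mock_ctx;
enum policy { DELETE_ON_ERROR, PRESERVE_ON_ERROR };
enum caller { STALE_COPY, WRITE_BACK };   /* assumed caller patterns */
static mock_ctx pool[8];
static size_t next_slot;

static void release(mock_ctx *c) { if (c) c->releases++; }

/* Hypothetical stand-in for gss_init_sec_context(): the first call
 * creates the context, a later call with a bad token fails. */
static int mock_init(enum policy p, mock_ctx **handle, int token_ok)
{
    if (*handle == NULL) {
        *handle = &pool[next_slot++ % 8];
        (*handle)->releases = 0;
        return 1;                        /* continue needed */
    }
    if (token_ok) return 0;              /* complete */
    if (p == DELETE_ON_ERROR) {          /* permitted by RFC 2744 */
        release(*handle);
        *handle = NULL;
    }
    return -1;                           /* error */
}

/* Handshake whose second token is rejected; returns the release count. */
static int run_handshake(enum policy p, enum caller how)
{
    mock_ctx *saved = NULL, *work, *created;
    mock_init(p, &saved, 1);             /* step 1 creates the context */
    created = work = saved;              /* caller works on a local copy */
    if (mock_init(p, &work, 0) < 0) {    /* step 2 fails */
        if (how == WRITE_BACK)
            saved = work;                /* honour the updated handle */
        release(saved);                  /* caller's error cleanup */
    }
    return created->releases;
}

int main(void)
{
    printf("%d %d\n", run_handshake(DELETE_ON_ERROR, STALE_COPY),
           run_handshake(PRESERVE_ON_ERROR, STALE_COPY));   /* prints "2 1" */
    return 0;
}
```

With `WRITE_BACK` the caller sees the cleared handle and the count stays at one under either policy, which is why preserving the context on error protects callers that do not write the handle back.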
Bugzilla
CVE-2017-11462 krb5: Automatic sec context deletion could lead to double-free [fedora-all]
bugzilla · 2017-09-06 · CVSS 9.8
CVE-2017-11462 [CRITICAL]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple suppo
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598
https://bugzilla.redhat.com/show_bug.cgi?id=1488873
https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FPRUP4YVOEBGEROUYWZFEQ64HTMGNED/