CVE-2017-11462

CWE-415 CWE-416 — Use After Free8 documents7 sources

Severity

9.8CRITICAL

EPSS

1.1%

top 22.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fedoraproject Fedora MIT Kerberos 5

Timeline

PublishedSep 13

Latest updateMay 13

Description

Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶Debiankrb5< 1.15.2-1+3

▶NVDmit/kerberos_58 versions+7

Also affects: Fedora 25, 26

Patches

Patch: bugzilla.redhat.com ↗Patch: github.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-rr2f-jhmq-594w: Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of securit↗2022-05-13

▶

CVEList

CVE-2017-11462: Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of securit↗2017-09-13

▶

OSV

CVE-2017-11462: Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of securit↗2017-09-13

▶

📋Vendor Advisories

Red Hat

krb5: Automatic sec context deletion could lead to double-free↗2017-08-28

▶

Debian

CVE-2017-11462: krb5 - Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have ...↗2017

▶

💬Community

Bugzilla

CVE-2017-11462 krb5: Automatic sec context deletion could lead to double-free↗2017-09-06

▶

Bugzilla

CVE-2017-11462 krb5: Automatic sec context deletion could lead to double-free [fedora-all]↗2017-09-06

▶