CVE-2017-11462

Published: 13 September 2017

Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.

From the Ubuntu security team

It was discovered that Kerberos incorrectly handled deletion of security contexts. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
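The CVE text attributes the double free to automatic deletion of the security context on error. The following C program is an added illustration, not krb5 or GSS-API code, of the ownership mismatch that produces such a double release: a caller that follows the usual GSS-API idiom (delete any non-null context handle after a failed init/accept step) releases the context a second time when the library has already deleted it on error but left the caller's handle pointing at the freed object. Contexts come from a static pool and releases are counted rather than passed to free(), so the double release is observable without undefined behaviour; every type, function and status code below is a stand-in chosen for the example.

```c
/*
 * Added illustration (not krb5 code): a minimal model of the ownership
 * mismatch behind a "delete the security context on error" double free.
 *
 * Contexts come from a static pool and releases are counted instead of
 * calling free(), so the second release is observable without undefined
 * behaviour. All names are stand-ins, not real GSS-API or krb5 symbols.
 */
#include <stdio.h>
#include <stdlib.h>

enum { STEP_COMPLETE = 0, STEP_FAILURE = 1 };   /* stand-ins for GSS_S_* codes */

typedef struct sec_ctx {
    int releases;      /* instrumentation: how many times this context was released */
    int established;
} sec_ctx;

#define MAX_CTX 8
static sec_ctx pool[MAX_CTX];
static int pool_used;

static sec_ctx *ctx_alloc(void)
{
    if (pool_used >= MAX_CTX) {
        fputs("context pool exhausted\n", stderr);
        exit(1);
    }
    sec_ctx *c = &pool[pool_used++];
    c->releases = 0;
    c->established = 0;
    return c;
}

/* Analogue of gss_delete_sec_context: returns the release count after this
 * call, so a return value above 1 is a double release of the same object. */
static int ctx_release(sec_ctx *c)
{
    return ++c->releases;
}

/* Vulnerable pattern: on failure the library releases the context itself but
 * does not clear the caller's handle, which now dangles. */
static int step_autodelete(sec_ctx **handle, int token_ok)
{
    if (*handle == NULL)
        *handle = ctx_alloc();
    if (!token_ok) {
        ctx_release(*handle);        /* library frees the context ... */
        return STEP_FAILURE;         /* ... and *handle still points at it */
    }
    (*handle)->established = 1;
    return STEP_COMPLETE;
}

/* Safe pattern: the context survives a failed step; the caller owns it and
 * releases it exactly once. */
static int step_preserve(sec_ctx **handle, int token_ok)
{
    if (*handle == NULL)
        *handle = ctx_alloc();
    if (!token_ok)
        return STEP_FAILURE;
    (*handle)->established = 1;
    return STEP_COMPLETE;
}

/* A caller using the standard cleanup idiom: delete the handle if it is
 * non-null, whatever the step returned. Returns the total number of releases
 * applied to the context: 1 is correct, 2 is the double free. */
static int run_caller(int (*step)(sec_ctx **, int), int token_ok)
{
    sec_ctx *handle = NULL;
    int status = step(&handle, token_ok);
    int releases = 0;

    (void)status;                   /* cleanup below runs on success and failure alike */
    if (handle != NULL) {
        releases = ctx_release(handle);
        handle = NULL;
    }
    return releases;
}

int main(void)
{
    printf("auto-delete on error, bad token:  %d release(s)\n", run_caller(step_autodelete, 0));
    printf("preserve on error,    bad token:  %d release(s)\n", run_caller(step_preserve, 0));
    printf("preserve on error,    good token: %d release(s)\n", run_caller(step_preserve, 1));
    return 0;
}
```

The first line of output reports two releases of the same context; in a real program that second release is the double free. The check a practitioner wants from a GSS-API implementation is that, after a failed gss_init_sec_context() or gss_accept_sec_context(), the context handle the caller passed in is either still valid (and the caller deletes it) or has been set to GSS_C_NO_CONTEXT; a library that frees the context but leaves the handle non-null breaks every caller's cleanup path.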

Priority

Low

CVSS 3 base score: 9.8

Status

Package   Release                           Status
krb5      Upstream                          Needs triage
          Ubuntu 21.04 (Hirsute Hippo)      Not vulnerable (1.15.2-1)
          Ubuntu 20.10 (Groovy Gorilla)     Not vulnerable (1.15.2-1)
          Ubuntu 20.04 LTS (Focal Fossa)    Not vulnerable (1.15.2-1)
          Ubuntu 18.04 LTS (Bionic Beaver)  Not vulnerable (1.15.2-1)
          Ubuntu 16.04 ESM (Xenial Xerus)   Released (1.13.2+dfsg-5ubuntu2.1)
          Ubuntu 14.04 ESM (Trusty Tahr)    Released (1.12+dfsg-2ubuntu5.4)

Package trackers: Launchpad, Ubuntu, Debian
Patches:
Upstream: https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf