CVE-2017-11462
Published: 13 September 2017
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.
From the Ubuntu security team
It was discovered that Kerberos incorrectly handled deletion of security contexts. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
Priority
Low
CVSS 3 base score: 9.8
Status
| Package | Release | Status |
|---|---|---|
|
krb5 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(1.15.2-1)
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(1.15.2-1)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(1.15.2-1)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(1.15.2-1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(1.13.2+dfsg-5ubuntu2.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(1.12+dfsg-2ubuntu5.4)
|
|
|
Patches: Upstream: https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf |
||