CVE-2017-11462
Published: 13 September 2017
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.
From the Ubuntu security team
It was discovered that Kerberos incorrectly handled deletion of security contexts. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
Priority
CVSS 3 base score: 9.8
Status
Package | Release | Status |
---|---|---|
krb5 (Launchpad, Ubuntu, Debian) | Upstream | Needs triage |
krb5 | Ubuntu 20.10 (Groovy Gorilla) | Not vulnerable (1.15.2-1) |
krb5 | Ubuntu 20.04 LTS (Focal Fossa) | Not vulnerable (1.15.2-1) |
krb5 | Ubuntu 18.04 LTS (Bionic Beaver) | Not vulnerable (1.15.2-1) |
krb5 | Ubuntu 16.04 LTS (Xenial Xerus) | Released (1.13.2+dfsg-5ubuntu2.1) |
krb5 | Ubuntu 14.04 ESM (Trusty Tahr) | Released (1.12+dfsg-2ubuntu5.4) |

Patches: Upstream: https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf