CVE-2017-11462

Published: 13 September 2017

Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.

From the Ubuntu security team

It was discovered that Kerberos incorrectly handled deletion of security contexts. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

Priority

Low

CVSS 3 base score: 9.8

Status

Package: krb5 (Launchpad, Ubuntu, Debian)

Release    Status
artful     Ignored (reached end-of-life)
bionic     Not vulnerable (1.15.2-1)
cosmic     Not vulnerable (1.15.2-1)
disco      Not vulnerable (1.15.2-1)
eoan       Not vulnerable (1.15.2-1)
focal      Not vulnerable (1.15.2-1)
groovy     Not vulnerable (1.15.2-1)
hirsute    Not vulnerable (1.15.2-1)
precise    Ignored (end of ESM support, was needed)
trusty     Released (1.12+dfsg-2ubuntu5.4)
upstream   Needs triage
xenial     Released (1.13.2+dfsg-5ubuntu2.1)
zesty      Ignored (reached end-of-life)