CVE Vulnerabilities

CVE-2017-11462

Double Free

Published: Sep 13, 2017 | Modified: Nov 21, 2024
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
3.7 LOW
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Ubuntu
LOW

Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.

Weakness

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Affected Software

Name Vendor Start Version End Version
Kerberos_5 Mit 1.14 (including) 1.14 (including)
Kerberos_5 Mit 1.14-alpha1 (including) 1.14-alpha1 (including)
Kerberos_5 Mit 1.14-beta1 (including) 1.14-beta1 (including)
Kerberos_5 Mit 1.14-beta2 (including) 1.14-beta2 (including)
Kerberos_5 Mit 1.14.1 (including) 1.14.1 (including)
Kerberos_5 Mit 1.14.2 (including) 1.14.2 (including)
Kerberos_5 Mit 1.14.3 (including) 1.14.3 (including)
Kerberos_5 Mit 1.14.4 (including) 1.14.4 (including)
Kerberos_5 Mit 1.14.5 (including) 1.14.5 (including)
Kerberos_5 Mit 1.15 (including) 1.15 (including)
Kerberos_5 Mit 1.15.1 (including) 1.15.1 (including)
Kerberos_5 Mit 1.15.1-beta1 (including) 1.15.1-beta1 (including)
Kerberos_5 Mit 1.15.1-beta2 (including) 1.15.1-beta2 (including)
Krb5 Ubuntu artful *
Krb5 Ubuntu precise/esm *
Krb5 Ubuntu trusty *
Krb5 Ubuntu vivid/ubuntu-core *
Krb5 Ubuntu xenial *
Krb5 Ubuntu zesty *

Potential Mitigations

References