Double Free Vulnerability in MIT Kerberos 5
CVE-2017-11462

9.8CRITICAL

Key Information:

Vendor

Mit

Status
Kerberos 5
Vendor
CVE Published:
13 September 2017

What is CVE-2017-11462?

A double free vulnerability exists in MIT Kerberos 5 (krb5), which can be exploited by an attacker through the automatic deletion of security contexts when errors occur. This flaw could lead to unpredictable behavior within applications using Kerberos for authentication, potentially allowing attackers to manipulate memory management processes.

References

https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e...
x_refsource_CONFIRM
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598
x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.