CVE-2017-11462

Published Sep 13, 2017

Last updated a year ago

CVSS critical 9.8

Overview

Description: Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-415

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mit:kerberos_5:1.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E30B176-1FE5-4C53-8B79-2E6D87DF05B3"
          },
          {
            "criteria": "cpe:2.3:a:mit:kerberos_5:1.14:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC81822F-DC8C-4889-AD53-33216B66A109"
          },
          {
            "criteria": "cpe:2.3:a:mit:kerberos_5:1.14:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1B23EE0-35EB-46FC-8620-AC0059498D9B"
          },
          {
            "criteria": "cpe:2.3:a:mit:kerberos_5:1.14:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70831CB8-695D-45E8-A829-2E888823E8A5"
          },
          {
            "criteria": "cpe:2.3:a:mit:kerberos_5:1.14.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E650B5A3-99CA-491B-A1FB-259EF548D92E"
          },
          {
            "criteria": "cpe:2.3:a:mit:kerberos_5:1.14.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "091F3C51-980E-482F-9882-0A555A8F74BC"
          },
          {
            "criteria": "cpe:2.3:a:mit:kerberos_5:1.14.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A00BDDDC-3D5D-4D63-A8D8-63BF2F4C7329"
          },
          {
            "criteria": "cpe:2.3:a:mit:kerberos_5:1.14.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42505BC2-12A0-43E9-8561-80270D7CA74D"
          },
          {
            "criteria": "cpe:2.3:a:mit:kerberos_5:1.14.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF0496EF-F0F9-4A5D-92F4-E50C5F3DCA12"
          },
          {
            "criteria": "cpe:2.3:a:mit:kerberos_5:1.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "79EEC80F-9E4F-4A6D-BB8D-6AB7764AD8E3"
          },
          {
            "criteria": "cpe:2.3:a:mit:kerberos_5:1.15.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB427FE4-CC39-43EE-A27B-69C5B18056FA"
          },
          {
            "criteria": "cpe:2.3:a:mit:kerberos_5:1.15.1:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14A2F0C0-91E0-4DD9-851E-67CE8A5EAE0B"
          },
          {
            "criteria": "cpe:2.3:a:mit:kerberos_5:1.15.1:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1770120-B3B2-4B5A-9785-162399A47989"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "772E9557-A371-4664-AE2D-4135AAEB89AA"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E4D8269-B407-4C24-AAB0-02F885C7D752"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References