CVE-2017-11462
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-11462
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-11462.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-11462
- Downstream
- Related
- Published
- 2017-09-13T16:29:00Z
- Modified
- 2025-08-09T20:01:27Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.
- References
-
- http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598
- https://bugzilla.redhat.com/show_bug.cgi?id=1488873
- https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FPRUP4YVOEBGEROUYWZFEQ64HTMGNED/
Affected packages
Git / github.com/krb5/krb5
Affected ranges
- Type
- GIT
- Repo
- https://github.com/krb5/krb5
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
{
"vanir_signatures": [
{
"id": "CVE-2017-11462-0e3035ea",
"signature_type": "Line",
"digest": {
"line_hashes": [
"113365589254028950831759866952732363792",
"299671428004758560547956332266712411796",
"313878630672118956822350231428516282651",
"36082119797606512123858535427160296497",
"303299836299360466855990804196747852178",
"47000552570716277391433332785385072543",
"205595035314639855734651874967137587782",
"140441883899889337675695721499628116338",
"281869919779813552905981642990614622852",
"92042041856409535265429861824467279112",
"199380787403468105087403273620949189718",
"328960532463704804191393082229285686545",
"150811375805580533231983848419464760157",
"203359321805143679509900186285736731284",
"110012356178553817267445820242741259944",
"121351120156354287520860639786144473119",
"251316567390949673089521965877914553051",
"174496037936978228976853946387492151059",
"32626311302713884848339666378553095372",
"176654164957123766617666835759518728885",
"121493791865016730768143069313996623992",
"299472622313771818115347343479176848430",
"58190323952740116784879083675053873659",
"327188296439971873280519859618219866658",
"22911219482791798654592476190640354476",
"79797039118292096799463391790643634942"
],
"threshold": 0.9
},
"target": {
"file": "src/lib/gssapi/mechglue/g_accept_sec_context.c"
},
"source": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2017-11462-0eeaaf86",
"signature_type": "Line",
"digest": {
"line_hashes": [
"45466575498610010453360452988168435402",
"207488688430417332689746618042757115253",
"189416343278799031321284810705459439935",
"267684482599810194893389216108612094912"
],
"threshold": 0.9
},
"target": {
"file": "src/lib/gssapi/mechglue/g_process_context.c"
},
"source": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2017-11462-1fe16c47",
"signature_type": "Line",
"digest": {
"line_hashes": [
"202820652179333292638476000022590568711",
"279172822676874531263183741786878542140",
"230151296749571886057666313469723665020",
"59623971633731781180089401266148358120"
],
"threshold": 0.9
},
"target": {
"file": "src/lib/gssapi/mechglue/g_unwrap_aead.c"
},
"source": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2017-11462-21098795",
"signature_type": "Line",
"digest": {
"line_hashes": [
"57206329821583218948180368659574647635",
"279172822676874531263183741786878542140",
"277332688408059383616680465495033724463",
"239305714132346633435063657102490722420"
],
"threshold": 0.9
},
"target": {
"file": "src/lib/gssapi/mechglue/g_sign.c"
},
"source": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2017-11462-21ff097f",
"signature_type": "Line",
"digest": {
"line_hashes": [
"107154425109754889017540545923079768141",
"279172822676874531263183741786878542140",
"296568857958428654992302881692141051625",
"57238032411018043031580532358517682010"
],
"threshold": 0.9
},
"target": {
"file": "src/lib/gssapi/mechglue/g_inq_context.c"
},
"source": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2017-11462-223b78dd",
"signature_type": "Line",
"digest": {
"line_hashes": [
"32424795816800363734201588202443306201",
"279172822676874531263183741786878542140",
"277332688408059383616680465495033724463",
"293622752440984088819908905342237280590",
"257308671250132641130536812462151080778",
"20876180485560077881330905693157411434",
"100603856213685072266433294144233069028",
"280581160103967509079800498953416458815"
],
"threshold": 0.9
},
"target": {
"file": "src/lib/gssapi/mechglue/g_unwrap_iov.c"
},
"source": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2017-11462-32d034e7",
"signature_type": "Function",
"digest": {
"function_hash": "193911584995775867856904687747004069079",
"length": 555.0
},
"target": {
"file": "src/lib/gssapi/mechglue/g_unwrap_iov.c",
"function": "gss_verify_mic_iov"
},
"source": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2017-11462-3741a055",
"signature_type": "Line",
"digest": {
"line_hashes": [
"155766846641148498726673556434837487348",
"156888712370778725906602482609327511511",
"278167979885573846517204868137472502026",
"628342129815268749205939584635807859",
"127571106498045647610224971524121961336",
"165804498134623836832068323928984299141",
"136557233799025390871553235128380905301",
"129261482536825009614551851907852061255",
"133020867531809431662580895209573038786"
],
"threshold": 0.9
},
"target": {
"file": "src/lib/gssapi/mechglue/g_delete_sec_context.c"
},
"source": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2017-11462-41bc8e59",
"signature_type": "Function",
"digest": {
"function_hash": "84780669822825626659662441163036262328",
"length": 858.0
},
"target": {
"file": "src/lib/gssapi/mechglue/g_prf.c",
"function": "gss_pseudo_random"
},
"source": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2017-11462-52a5f64d",
"signature_type": "Line",
"digest": {
"line_hashes": [
"65699658457000625733951509092065926468",
"4249221506307333738466651680668611217",
"245098841284075754220599421229456492068",
"65157373452218150056743915595096107955"
],
"threshold": 0.9
},
"target": {
"file": "src/lib/gssapi/mechglue/g_context_time.c"
},
"source": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2017-11462-54779797",
"signature_type": "Function",
"digest": {
"function_hash": "175755849309810436215143881804800774417",
"length": 557.0
},
"target": {
"file": "src/lib/gssapi/mechglue/g_wrap_iov.c",
"function": "gss_get_mic_iov_length"
},
"source": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2017-11462-58c0e3e3",
"signature_type": "Line",
"digest": {
"line_hashes": [
"36931158403616128308512480933830901818",
"308990704743520702063298901411660468500",
"282737478335428559571832433030213582691",
"114236236451000054797425435516207980252",
"61391509398599092682080290821721512034",
"234952625221084801387740223251952078397",
"46414348307064053028254546423811415320",
"107726776061217080292467448337101899040",
"310585814034930159035254405789255652840",
"299130577769579551379689684481760797295",
"65892219977847310983726922407736164822"
],
"threshold": 0.9
},
"target": {
"file": "src/lib/gssapi/mechglue/g_init_sec_context.c"
},
"source": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2017-11462-5d1e081d",
"signature_type": "Line",
"digest": {
"line_hashes": [
"193825300154024044939738143090155963019",
"281424264385750326561984961715402363442",
"315809417267996437014979880489893825253",
"127594108691989287492112756964015328320"
],
"threshold": 0.9
},
"target": {
"file": "src/lib/gssapi/mechglue/g_complete_auth_token.c"
},
"source": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2017-11462-5f6efc9b",
"signature_type": "Line",
"digest": {
"line_hashes": [
"235442461251688478774178144650890866073",
"1090177348794421947043607628426505420",
"200092999706315589986629953069910272996",
"153077527340404387496007954494290605801"
],
"threshold": 0.9
},
"target": {
"file": "src/lib/gssapi/mechglue/g_exp_sec_context.c"
},
"source": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2017-11462-647eb20b",
"signature_type": "Line",
"digest": {
"line_hashes": [
"66944961868026136975076220035533772283",
"279172822676874531263183741786878542140",
"277332688408059383616680465495033724463",
"248209399207888684344640820787236461145",
"66944961868026136975076220035533772283",
"279172822676874531263183741786878542140",
"277332688408059383616680465495033724463",
"313371927353895911877906571486063651192",
"117468809547933847923356077904461459262",
"20876180485560077881330905693157411434",
"100603856213685072266433294144233069028",
"280581160103967509079800498953416458815",
"117468809547933847923356077904461459262",
"20876180485560077881330905693157411434",
"100603856213685072266433294144233069028",
"280581160103967509079800498953416458815"
],
"threshold": 0.9
},
"target": {
"file": "src/lib/gssapi/mechglue/g_wrap_iov.c"
},
"source": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2017-11462-71ba27ff",
"signature_type": "Function",
"digest": {
"function_hash": "224985312792235843938184834612419811584",
"length": 826.0
},
"target": {
"file": "src/lib/gssapi/mechglue/g_seal.c",
"function": "gss_wrap_size_limit"
},
"source": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2017-11462-7a28da20",
"signature_type": "Line",
"digest": {
"line_hashes": [
"283043283586919477336713932980812147952",
"279172822676874531263183741786878542140",
"277332688408059383616680465495033724463",
"166063505421183355160816498850755324580",
"166805157139985073204711769027975051892",
"111802985952538530637545933811441551156",
"99942816079795024149571942755414930924",
"59623971633731781180089401266148358120"
],
"threshold": 0.9
},
"target": {
"file": "src/lib/gssapi/mechglue/g_seal.c"
},
"source": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2017-11462-7d1f6bf6",
"signature_type": "Function",
"digest": {
"function_hash": "337112570530254127079759456597588706006",
"length": 1285.0
},
"target": {
"file": "src/lib/gssapi/mechglue/g_inq_context.c",
"function": "gss_inquire_context"
},
"source": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2017-11462-86c76bee",
"signature_type": "Line",
"digest": {
"line_hashes": [
"304679997914822602038643724030287245327",
"255210947317737890540820571081773665481",
"189416343278799031321284810705459439935",
"87990793854732838573234293773801599011"
],
"threshold": 0.9
},
"target": {
"file": "src/lib/gssapi/mechglue/g_verify.c"
},
"source": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2017-11462-90a2abb8",
"signature_type": "Function",
"digest": {
"function_hash": "328401194485328766950541482793175813774",
"length": 815.0
},
"target": {
"file": "src/lib/gssapi/mechglue/g_seal.c",
"function": "gss_wrap"
},
"source": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2017-11462-aa0ab764",
"signature_type": "Function",
"digest": {
"function_hash": "110736529873258593906621016967237020456",
"length": 477.0
},
"target": {
"file": "src/lib/gssapi/mechglue/g_complete_auth_token.c",
"function": "gss_complete_auth_token"
},
"source": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2017-11462-c63b5945",
"signature_type": "Line",
"digest": {
"line_hashes": [
"257279635259446308660028729535868625375",
"7302508278170680158129511721536338108",
"170115062276028931270362690826661190105",
"53970671521803570509930204622034643647"
],
"threshold": 0.9
},
"target": {
"file": "src/lib/gssapi/mechglue/g_prf.c"
},
"source": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2017-11462-e2b261f8",
"signature_type": "Line",
"digest": {
"line_hashes": [
"291472242011713900904678322408871903041",
"279172822676874531263183741786878542140",
"230151296749571886057666313469723665020",
"59623971633731781180089401266148358120"
],
"threshold": 0.9
},
"target": {
"file": "src/lib/gssapi/mechglue/g_wrap_aead.c"
},
"source": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2017-11462-e7adb994",
"signature_type": "Function",
"digest": {
"function_hash": "175755849309810436215143881804800774417",
"length": 557.0
},
"target": {
"file": "src/lib/gssapi/mechglue/g_wrap_iov.c",
"function": "gss_get_mic_iov"
},
"source": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2017-11462-f52720c6",
"signature_type": "Line",
"digest": {
"line_hashes": [
"102519311333740825098893792659011157030",
"291361584154017503395381246580368737897",
"338872964670330084759523749595614395648",
"154481536822596690542760743600924337902"
],
"threshold": 0.9
},
"target": {
"file": "src/lib/gssapi/mechglue/g_unseal.c"
},
"source": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf",
"signature_version": "v1",
"deprecated": false
}
]
}