CVE-2017-15088

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-15088
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-15088.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-15088
Downstream
Related
Published
2017-11-23T17:29:00Z
Modified
2025-09-19T08:56:46.716889Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

plugins/preauth/pkinit/pkinitcryptoopenssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the getmatchingdata and X509NAMEonelineex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of getmatching_data in KDC certauth plugin code that is specific to Red Hat.

References

Affected packages

Alpine:v3.10

krb5

Package

Name
krb5
Purl
pkg:apk/alpine/krb5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.15.3-r0

Affected versions

1.*

1.11-r0
1.11-r1
1.11-r2
1.11.2-r0
1.11.2-r1
1.11.2-r2
1.11.3-r0
1.11.4-r0
1.12.1-r0
1.12.2-r0
1.13-r0
1.13-r1
1.13.1-r0
1.13.1-r1
1.13.2-r0
1.13.2-r1
1.13.2-r2
1.14-r0
1.14-r1
1.14-r2
1.14.3-r0
1.14.3-r1
1.14.3-r2
1.15.1-r0
1.15.2-r0
1.15.2-r1
1.15.2-r2

Alpine:v3.11

krb5

Package

Name
krb5
Purl
pkg:apk/alpine/krb5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.15.3-r0

Affected versions

1.*

1.11-r0
1.11-r1
1.11-r2
1.11.2-r0
1.11.2-r1
1.11.2-r2
1.11.3-r0
1.11.4-r0
1.12.1-r0
1.12.2-r0
1.13-r0
1.13-r1
1.13.1-r0
1.13.1-r1
1.13.2-r0
1.13.2-r1
1.13.2-r2
1.14-r0
1.14-r1
1.14-r2
1.14.3-r0
1.14.3-r1
1.14.3-r2
1.15.1-r0
1.15.2-r0
1.15.2-r1
1.15.2-r2

Alpine:v3.12

krb5

Package

Name
krb5
Purl
pkg:apk/alpine/krb5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.15.3-r0

Affected versions

1.*

1.11-r0
1.11-r1
1.11-r2
1.11.2-r0
1.11.2-r1
1.11.2-r2
1.11.3-r0
1.11.4-r0
1.12.1-r0
1.12.2-r0
1.13-r0
1.13-r1
1.13.1-r0
1.13.1-r1
1.13.2-r0
1.13.2-r1
1.13.2-r2
1.14-r0
1.14-r1
1.14-r2
1.14.3-r0
1.14.3-r1
1.14.3-r2
1.15.1-r0
1.15.2-r0
1.15.2-r1
1.15.2-r2

Alpine:v3.13

krb5

Package

Name
krb5
Purl
pkg:apk/alpine/krb5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.15.3-r0

Affected versions

1.*

1.11-r0
1.11-r1
1.11-r2
1.11.2-r0
1.11.2-r1
1.11.2-r2
1.11.3-r0
1.11.4-r0
1.12.1-r0
1.12.2-r0
1.13-r0
1.13-r1
1.13.1-r0
1.13.1-r1
1.13.2-r0
1.13.2-r1
1.13.2-r2
1.14-r0
1.14-r1
1.14-r2
1.14.3-r0
1.14.3-r1
1.14.3-r2
1.15.1-r0
1.15.2-r0
1.15.2-r1
1.15.2-r2

Alpine:v3.14

krb5

Package

Name
krb5
Purl
pkg:apk/alpine/krb5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.15.3-r0

Affected versions

1.*

1.11-r0
1.11-r1
1.11-r2
1.11.2-r0
1.11.2-r1
1.11.2-r2
1.11.3-r0
1.11.4-r0
1.12.1-r0
1.12.2-r0
1.13-r0
1.13-r1
1.13.1-r0
1.13.1-r1
1.13.2-r0
1.13.2-r1
1.13.2-r2
1.14-r0
1.14-r1
1.14-r2
1.14.3-r0
1.14.3-r1
1.14.3-r2
1.15.1-r0
1.15.2-r0
1.15.2-r1
1.15.2-r2

Alpine:v3.15

krb5

Package

Name
krb5
Purl
pkg:apk/alpine/krb5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.15.3-r0

Affected versions

1.*

1.11-r0
1.11-r1
1.11-r2
1.11.2-r0
1.11.2-r1
1.11.2-r2
1.11.3-r0
1.11.4-r0
1.12.1-r0
1.12.2-r0
1.13-r0
1.13-r1
1.13.1-r0
1.13.1-r1
1.13.2-r0
1.13.2-r1
1.13.2-r2
1.14-r0
1.14-r1
1.14-r2
1.14.3-r0
1.14.3-r1
1.14.3-r2
1.15.1-r0
1.15.2-r0
1.15.2-r1
1.15.2-r2

Alpine:v3.16

krb5

Package

Name
krb5
Purl
pkg:apk/alpine/krb5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.15.3-r0

Affected versions

1.*

1.11-r0
1.11-r1
1.11-r2
1.11.2-r0
1.11.2-r1
1.11.2-r2
1.11.3-r0
1.11.4-r0
1.12.1-r0
1.12.2-r0
1.13-r0
1.13-r1
1.13.1-r0
1.13.1-r1
1.13.2-r0
1.13.2-r1
1.13.2-r2
1.14-r0
1.14-r1
1.14-r2
1.14.3-r0
1.14.3-r1
1.14.3-r2
1.15.1-r0
1.15.2-r0
1.15.2-r1
1.15.2-r2

Alpine:v3.17

krb5

Package

Name
krb5
Purl
pkg:apk/alpine/krb5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.15.3-r0

Affected versions

1.*

1.11-r0
1.11-r1
1.11-r2
1.11.2-r0
1.11.2-r1
1.11.2-r2
1.11.3-r0
1.11.4-r0
1.12.1-r0
1.12.2-r0
1.13-r0
1.13-r1
1.13.1-r0
1.13.1-r1
1.13.2-r0
1.13.2-r1
1.13.2-r2
1.14-r0
1.14-r1
1.14-r2
1.14.3-r0
1.14.3-r1
1.14.3-r2
1.15.1-r0
1.15.2-r0
1.15.2-r1
1.15.2-r2

Alpine:v3.18

krb5

Package

Name
krb5
Purl
pkg:apk/alpine/krb5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.15.3-r0

Affected versions

1.*

1.11-r0
1.11-r1
1.11-r2
1.11.2-r0
1.11.2-r1
1.11.2-r2
1.11.3-r0
1.11.4-r0
1.12.1-r0
1.12.2-r0
1.13-r0
1.13-r1
1.13.1-r0
1.13.1-r1
1.13.2-r0
1.13.2-r1
1.13.2-r2
1.14-r0
1.14-r1
1.14-r2
1.14.3-r0
1.14.3-r1
1.14.3-r2
1.15.1-r0
1.15.2-r0
1.15.2-r1
1.15.2-r2

Alpine:v3.19

krb5

Package

Name
krb5
Purl
pkg:apk/alpine/krb5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.15.3-r0

Affected versions

1.*

1.11-r0
1.11-r1
1.11-r2
1.11.2-r0
1.11.2-r1
1.11.2-r2
1.11.3-r0
1.11.4-r0
1.12.1-r0
1.12.2-r0
1.13-r0
1.13-r1
1.13.1-r0
1.13.1-r1
1.13.2-r0
1.13.2-r1
1.13.2-r2
1.14-r0
1.14-r1
1.14-r2
1.14.3-r0
1.14.3-r1
1.14.3-r2
1.15.1-r0
1.15.2-r0
1.15.2-r1
1.15.2-r2

Alpine:v3.20

krb5

Package

Name
krb5
Purl
pkg:apk/alpine/krb5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.15.3-r0

Affected versions

1.*

1.11-r0
1.11-r1
1.11-r2
1.11.2-r0
1.11.2-r1
1.11.2-r2
1.11.3-r0
1.11.4-r0
1.12.1-r0
1.12.2-r0
1.13-r0
1.13-r1
1.13.1-r0
1.13.1-r1
1.13.2-r0
1.13.2-r1
1.13.2-r2
1.14-r0
1.14-r1
1.14-r2
1.14.3-r0
1.14.3-r1
1.14.3-r2
1.15.1-r0
1.15.2-r0
1.15.2-r1
1.15.2-r2

Alpine:v3.21

krb5

Package

Name
krb5
Purl
pkg:apk/alpine/krb5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.15.3-r0

Affected versions

1.*

1.11-r0
1.11-r1
1.11-r2
1.11.2-r0
1.11.2-r1
1.11.2-r2
1.11.3-r0
1.11.4-r0
1.12.1-r0
1.12.2-r0
1.13-r0
1.13-r1
1.13.1-r0
1.13.1-r1
1.13.2-r0
1.13.2-r1
1.13.2-r2
1.14-r0
1.14-r1
1.14-r2
1.14.3-r0
1.14.3-r1
1.14.3-r2
1.15.1-r0
1.15.2-r0
1.15.2-r1
1.15.2-r2

Alpine:v3.22

krb5

Package

Name
krb5
Purl
pkg:apk/alpine/krb5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.15.3-r0

Affected versions

1.*

1.11-r0
1.11-r1
1.11-r2
1.11.2-r0
1.11.2-r1
1.11.2-r2
1.11.3-r0
1.11.4-r0
1.12.1-r0
1.12.2-r0
1.13-r0
1.13-r1
1.13.1-r0
1.13.1-r1
1.13.2-r0
1.13.2-r1
1.13.2-r2
1.14-r0
1.14-r1
1.14-r2
1.14.3-r0
1.14.3-r1
1.14.3-r2
1.15.1-r0
1.15.2-r0
1.15.2-r1
1.15.2-r2

Alpine:v3.7

krb5

Package

Name
krb5
Purl
pkg:apk/alpine/krb5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.15.3-r0

Affected versions

1.*

1.11-r0
1.11-r1
1.11-r2
1.11.2-r0
1.11.2-r1
1.11.2-r2
1.11.3-r0
1.11.4-r0
1.12.1-r0
1.12.2-r0
1.13-r0
1.13-r1
1.13.1-r0
1.13.1-r1
1.13.2-r0
1.13.2-r1
1.13.2-r2
1.14-r0
1.14-r1
1.14-r2
1.14.3-r0
1.14.3-r1
1.14.3-r2
1.15.1-r0
1.15.2-r0
1.15.2-r1

Alpine:v3.8

krb5

Package

Name
krb5
Purl
pkg:apk/alpine/krb5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.15.3-r0

Affected versions

1.*

1.11-r0
1.11-r1
1.11-r2
1.11.2-r0
1.11.2-r1
1.11.2-r2
1.11.3-r0
1.11.4-r0
1.12.1-r0
1.12.2-r0
1.13-r0
1.13-r1
1.13.1-r0
1.13.1-r1
1.13.2-r0
1.13.2-r1
1.13.2-r2
1.14-r0
1.14-r1
1.14-r2
1.14.3-r0
1.14.3-r1
1.14.3-r2
1.15.1-r0
1.15.2-r0
1.15.2-r1
1.15.2-r2

Alpine:v3.9

krb5

Package

Name
krb5
Purl
pkg:apk/alpine/krb5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.15.3-r0

Affected versions

1.*

1.11-r0
1.11-r1
1.11-r2
1.11.2-r0
1.11.2-r1
1.11.2-r2
1.11.3-r0
1.11.4-r0
1.12.1-r0
1.12.2-r0
1.13-r0
1.13-r1
1.13.1-r0
1.13.1-r1
1.13.2-r0
1.13.2-r1
1.13.2-r2
1.14-r0
1.14-r1
1.14-r2
1.14.3-r0
1.14.3-r1
1.14.3-r2
1.15.1-r0
1.15.2-r0
1.15.2-r1
1.15.2-r2

Git

github.com/krb5/krb5

Affected ranges

Type
GIT
Repo
https://github.com/krb5/krb5
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
fbb687db1088ddd894d975996e5f6a4252b9a2b4

Database specific 

{
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4",
            "signature_version": "v1",
            "target": {
                "file": "src/plugins/preauth/pkinit/pkinit_crypto_openssl.c",
                "function": "X509_NAME_oneline_ex"
            },
            "digest": {
                "function_hash": "319056387699767631926726914969734411257",
                "length": 461.0
            },
            "id": "CVE-2017-15088-0bbe7661"
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "source": "https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4",
            "signature_version": "v1",
            "target": {
                "file": "src/plugins/preauth/pkinit/pkinit_crypto_openssl.c"
            },
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "279292813219746823677532824714218872323",
                    "217432453232397824978848157812379024368",
                    "119574223050316908539911420666720073950",
                    "183973212326717697863403440342551057940",
                    "66645707007354709630552218460901125348",
                    "97580563659190393370090612467161351977",
                    "12396520658741259575630900013970077531",
                    "104188435860651642774034395790333545957",
                    "121259980145935057902347539570000398038",
                    "52154987490860817268654532722753888760",
                    "6022096577875113642843530069954696558",
                    "200151014062051406045106902672288331866",
                    "119377450856674769030282981012203560724",
                    "149659764186472576570254343928344519020",
                    "131332746661157213836899878514307163630",
                    "87175253143964962761067964979816920387",
                    "99168924437238917432768983530711910483",
                    "190514094055831093294990264092044239942",
                    "224267047642386850990322236024090859661",
                    "99386848099307025553614398347969553667",
                    "42022065828970131235532434712775577951",
                    "78665054144780781925327514358981613412",
                    "69073023158311737696735031676335744188",
                    "89710413463912125817533208216805794900",
                    "138518148784896151289832497557417112998",
                    "183248215839116588960355176593480272968",
                    "331048256505064657749198070881374120796",
                    "227943242168469061897241941238536104464",
                    "211688238444337902509590690614539666973",
                    "38842525064467757614143210130200320924",
                    "35007492642268697301785938760503455309",
                    "332361462481790647058370067929282761483",
                    "276063617981788960207517436503131370354",
                    "203565305329433175028353793333334835032",
                    "111673338798337675178828952554646323116",
                    "330551950114059819946125617565239577877",
                    "62456707559558278907109169901650202512",
                    "177031895952329143620873325647733539197",
                    "327039109210123678431856163689744265017",
                    "77397130865429019974245280346772607548",
                    "257163156264683960940488981904381430006",
                    "128338143778771436158069468179498940393",
                    "53711828437006975536064707561482006908",
                    "118934550810338443395589486622052428642"
                ]
            },
            "id": "CVE-2017-15088-403776f7"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4",
            "signature_version": "v1",
            "target": {
                "file": "src/plugins/preauth/pkinit/pkinit_crypto_openssl.c",
                "function": "get_matching_data"
            },
            "digest": {
                "function_hash": "103045859072055760119567830516729182967",
                "length": 1652.0
            },
            "id": "CVE-2017-15088-b0147b26"
        }
    ]
}