Description
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.
References (4)
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf
Vendor Advisory x_refsource_confirm
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FPRUP4YVOEBGEROUYWZFEQ64HTMGNED/
Issue Tracking, Patch, Third Party Advisory, VDB Entry x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1488873
Scores
CVSS v3: 9.8
EPSS: 0.0106
EPSS Percentile: 77.7%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-415
Status: published
Products (10)
fedoraproject/fedora: 25
fedoraproject/fedora: 26
mit/kerberos_5: 1.14 (4 CPE variants)
mit/kerberos_5: 1.14.1
mit/kerberos_5: 1.14.2
mit/kerberos_5: 1.14.3
mit/kerberos_5: 1.14.4
mit/kerberos_5: 1.14.5
mit/kerberos_5: 1.15
mit/kerberos_5: 1.15.1 (3 CPE variants)
Published: Sep 13, 2017
Tracked Since: Feb 18, 2026