Package details: pkg:alpm/archlinux/krb5@1.15.2-1
purl pkg:alpm/archlinux/krb5@1.15.2-1
Next non-vulnerable version 1.16.1-1
Latest non-vulnerable version 1.21.3-1
Risk 4.5
Vulnerabilities affecting this package (1)
| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| VCID-uzwh-v7yj-aaak (Aliases: CVE-2017-15088) | plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat. | There are no reported fixed by versions. |
Vulnerabilities fixed by this package (2)
| Vulnerability | Summary | Aliases |
| --- | --- | --- |
| VCID-apac-1qn7-aaaj | Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. | CVE-2017-11462 |
| VCID-t627-mg9v-aaah | In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. | CVE-2017-11368 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2025-03-28T07:46:10.755362+00:00 | Arch Linux Importer | Fixing | VCID-t627-mg9v-aaah | https://security.archlinux.org/AVG-414 | 36.0.0 |
| 2025-03-28T07:46:10.734777+00:00 | Arch Linux Importer | Fixing | VCID-apac-1qn7-aaaj | https://security.archlinux.org/AVG-414 | 36.0.0 |
| 2025-03-28T07:44:38.688556+00:00 | Arch Linux Importer | Affected by | VCID-uzwh-v7yj-aaak | https://security.archlinux.org/AVG-505 | 36.0.0 |
| 2024-09-18T02:01:20.345230+00:00 | Arch Linux Importer | Fixing | VCID-t627-mg9v-aaah | https://security.archlinux.org/AVG-414 | 34.0.1 |
| 2024-09-18T02:01:20.318262+00:00 | Arch Linux Importer | Fixing | VCID-apac-1qn7-aaaj | https://security.archlinux.org/AVG-414 | 34.0.1 |
| 2024-09-18T01:59:42.423135+00:00 | Arch Linux Importer | Affected by | VCID-uzwh-v7yj-aaak | https://security.archlinux.org/AVG-505 | 34.0.1 |
| 2024-07-06T22:27:37.496468+00:00 | Arch Linux Importer | Fixing | VCID-t627-mg9v-aaah | https://security.archlinux.org/AVG-414 | 34.0.0rc4 |
| 2024-07-06T22:27:37.473697+00:00 | Arch Linux Importer | Fixing | VCID-apac-1qn7-aaaj | https://security.archlinux.org/AVG-414 | 34.0.0rc4 |
| 2024-01-03T22:27:31.012151+00:00 | Arch Linux Importer | Fixing | VCID-t627-mg9v-aaah | https://security.archlinux.org/AVG-414 | 34.0.0rc1 |
| 2024-01-03T22:27:30.990781+00:00 | Arch Linux Importer | Fixing | VCID-apac-1qn7-aaaj | https://security.archlinux.org/AVG-414 | 34.0.0rc1 |
| 2024-01-03T22:25:58.188426+00:00 | Arch Linux Importer | Affected by | VCID-uzwh-v7yj-aaak | https://security.archlinux.org/AVG-505 | 34.0.0rc1 |