CVE-2017-15088
Severity CVSS v4.0:
Pending analysis
Type:
CWE-121
Stack-based Buffer Overflow
Publication date:
23/11/2017
Last modified:
20/04/2025
Description
plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:* | 1.15.2 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.securityfocus.com/bid/101594
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871698
- https://bugzilla.redhat.com/show_bug.cgi?id=1504045
- https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4
- https://github.com/krb5/krb5/pull/707
- http://www.securityfocus.com/bid/101594
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871698
- https://bugzilla.redhat.com/show_bug.cgi?id=1504045
- https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4
- https://github.com/krb5/krb5/pull/707