VDB
CVE-2017-15088
CVE-2017-15088
PUBLISHED
plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat.
EPSS 1.28% · 79.9th percentile
Risk Scores
EPSS Score
1.28%
79.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:14.04:LTS | krb5 | *, 1.12+dfsg-2ubuntu5.3, 1.12+dfsg-2ubuntu5.4 |
| Ubuntu:Pro:16.04:LTS | krb5 | 1.13.2+dfsg-2, 1.13.2+dfsg-3, 1.13.2+dfsg-4 |
Timeline
- Nov 23, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 27, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 10, 2023 EPSS Score
- Apr 16, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-15088 third-party-advisory
- https://github.com/krb5/krb5/pull/707 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-15088 third-party-advisory