CVE-2017-11368

Source
https://cve.org/CVERecord?id=CVE-2017-11368
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-11368.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-11368
Downstream
Related
Published
2017-08-09T18:29:01.450Z
Modified
2026-07-08T12:05:56.374300Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

Database specific
{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*",
                "cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*"
            ],
            "vendor_product": "fedoraproject:fedora",
            "extracted_events": [
                {
                    "introduced": "25"
                },
                {
                    "last_affected": "25"
                },
                {
                    "introduced": "26"
                },
                {
                    "last_affected": "26"
                }
            ],
            "source": "CPE_STRING"
        },
        {
            "cpes": [
                "cpe:2.3:a:mit:kerberos:5-1.13.7:*:*:*:*:*:*:*"
            ],
            "vendor_product": "mit:kerberos",
            "extracted_events": [
                {
                    "introduced": "5-1.13.7"
                },
                {
                    "last_affected": "5-1.13.7"
                }
            ],
            "source": "CPE_STRING"
        },
        {
            "cpes": [
                "cpe:2.3:a:mit:kerberos_5:1.15.1:beta1:*:*:*:*:*:*",
                "cpe:2.3:a:mit:kerberos_5:1.15.1:beta2:*:*:*:*:*:*",
                "cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*"
            ],
            "vendor_product": "mit:kerberos_5",
            "extracted_events": [
                {
                    "introduced": "1.7"
                },
                {
                    "last_affected": "1.7"
                },
                {
                    "introduced": "1.15.1-beta1"
                },
                {
                    "last_affected": "1.15.1-beta1"
                },
                {
                    "introduced": "1.15.1-beta1"
                },
                {
                    "last_affected": "1.15.1-beta1"
                },
                {
                    "introduced": "1.15.1-beta2"
                },
                {
                    "last_affected": "1.15.1-beta2"
                },
                {
                    "introduced": "1.15.1-beta2"
                },
                {
                    "last_affected": "1.15.1-beta2"
                }
            ],
            "source": "CPE_STRING"
        }
    ]
}
References

Affected packages

Git / github.com/krb5/krb5

Affected ranges

Type
GIT
Repo
https://github.com/krb5/krb5
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.8.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.8.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.8.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.9.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.9.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.9.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.9.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.10:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.10.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.10.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.10.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.10.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.11:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.11.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.11.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.11.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.11.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.11.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.12:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.12.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.12.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.12.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.13:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.13.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.13.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.13.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.13.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.13.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.14:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.14:alpha1:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.14:beta1:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.14:beta2:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.14.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.14.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.14.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.14.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.14.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.15:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.15.1:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "1.7"
        },
        {
            "last_affected": "1.7"
        },
        {
            "introduced": "1.7.1"
        },
        {
            "last_affected": "1.7.1"
        },
        {
            "introduced": "1.8"
        },
        {
            "last_affected": "1.8"
        },
        {
            "introduced": "1.8.1"
        },
        {
            "last_affected": "1.8.1"
        },
        {
            "introduced": "1.8.2"
        },
        {
            "last_affected": "1.8.2"
        },
        {
            "introduced": "1.8.3"
        },
        {
            "last_affected": "1.8.3"
        },
        {
            "introduced": "1.8.4"
        },
        {
            "last_affected": "1.8.4"
        },
        {
            "introduced": "1.8.5"
        },
        {
            "last_affected": "1.8.5"
        },
        {
            "introduced": "1.8.6"
        },
        {
            "last_affected": "1.8.6"
        },
        {
            "introduced": "1.9"
        },
        {
            "last_affected": "1.9"
        },
        {
            "introduced": "1.9.1"
        },
        {
            "last_affected": "1.9.1"
        },
        {
            "introduced": "1.9.2"
        },
        {
            "last_affected": "1.9.2"
        },
        {
            "introduced": "1.9.3"
        },
        {
            "last_affected": "1.9.3"
        },
        {
            "introduced": "1.9.4"
        },
        {
            "last_affected": "1.9.4"
        },
        {
            "introduced": "1.10"
        },
        {
            "last_affected": "1.10"
        },
        {
            "introduced": "1.10.1"
        },
        {
            "last_affected": "1.10.1"
        },
        {
            "introduced": "1.10.2"
        },
        {
            "last_affected": "1.10.2"
        },
        {
            "introduced": "1.10.3"
        },
        {
            "last_affected": "1.10.3"
        },
        {
            "introduced": "1.10.4"
        },
        {
            "last_affected": "1.10.4"
        },
        {
            "introduced": "1.11"
        },
        {
            "last_affected": "1.11"
        },
        {
            "introduced": "1.11.1"
        },
        {
            "last_affected": "1.11.1"
        },
        {
            "introduced": "1.11.2"
        },
        {
            "last_affected": "1.11.2"
        },
        {
            "introduced": "1.11.3"
        },
        {
            "last_affected": "1.11.3"
        },
        {
            "introduced": "1.11.4"
        },
        {
            "last_affected": "1.11.4"
        },
        {
            "introduced": "1.11.5"
        },
        {
            "last_affected": "1.11.5"
        },
        {
            "introduced": "1.12"
        },
        {
            "last_affected": "1.12"
        },
        {
            "introduced": "1.12.1"
        },
        {
            "last_affected": "1.12.1"
        },
        {
            "introduced": "1.12.2"
        },
        {
            "last_affected": "1.12.2"
        },
        {
            "introduced": "1.12.3"
        },
        {
            "last_affected": "1.12.3"
        },
        {
            "introduced": "1.13"
        },
        {
            "last_affected": "1.13"
        },
        {
            "introduced": "1.13.1"
        },
        {
            "last_affected": "1.13.1"
        },
        {
            "introduced": "1.13.2"
        },
        {
            "last_affected": "1.13.2"
        },
        {
            "introduced": "1.13.3"
        },
        {
            "last_affected": "1.13.3"
        },
        {
            "introduced": "1.13.5"
        },
        {
            "last_affected": "1.13.5"
        },
        {
            "introduced": "1.13.6"
        },
        {
            "last_affected": "1.13.6"
        },
        {
            "introduced": "1.14"
        },
        {
            "last_affected": "1.14"
        },
        {
            "introduced": "1.14-alpha1"
        },
        {
            "last_affected": "1.14-alpha1"
        },
        {
            "introduced": "1.14-beta1"
        },
        {
            "last_affected": "1.14-beta1"
        },
        {
            "introduced": "1.14-beta2"
        },
        {
            "last_affected": "1.14-beta2"
        },
        {
            "introduced": "1.14.1"
        },
        {
            "last_affected": "1.14.1"
        },
        {
            "introduced": "1.14.2"
        },
        {
            "last_affected": "1.14.2"
        },
        {
            "introduced": "1.14.3"
        },
        {
            "last_affected": "1.14.3"
        },
        {
            "introduced": "1.14.4"
        },
        {
            "last_affected": "1.14.4"
        },
        {
            "introduced": "1.14.5"
        },
        {
            "last_affected": "1.14.5"
        },
        {
            "introduced": "1.15"
        },
        {
            "last_affected": "1.15"
        },
        {
            "introduced": "1.15.1"
        },
        {
            "last_affected": "1.15.1"
        }
    ],
    "source": [
        "CPE_STRING",
        "REFERENCES"
    ]
}

Affected versions

1.*
1.10
1.10.1
1.10.2
1.10.3
1.10.4
1.11
1.11.1
1.11.2
1.11.3
1.11.4
1.11.5
1.12
1.12.1
1.12.2
1.12.3
1.13
1.13.1
1.13.2
1.13.3
1.13.5
1.13.6
1.14
1.14-alpha1
1.14-beta1
1.14-beta2
1.14.1
1.14.2
1.14.3
1.14.4
1.14.5
1.15
1.15.1
1.7
1.7.1
1.8
1.8.1
1.8.2
1.8.3
1.8.4
1.8.5
1.8.6
1.9
1.9.1
1.9.2
1.9.3
1.9.4

Database specific

vanir_signatures
[
    {
        "digest": {
            "function_hash": "330028959243753203609613709933773874074",
            "length": 653.0
        },
        "target": {
            "function": "kdc_process_s4u2proxy_req",
            "file": "src/kdc/kdc_util.c"
        },
        "id": "CVE-2017-11368-16ce6abc",
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "83240240999769545177314307306634696539",
            "length": 15624.0
        },
        "target": {
            "function": "process_tgs_req",
            "file": "src/kdc/do_tgs_req.c"
        },
        "id": "CVE-2017-11368-5bf800eb",
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "156221043922931185817485653085623573900",
            "length": 673.0
        },
        "target": {
            "function": "kdc_process_for_user",
            "file": "src/kdc/kdc_util.c"
        },
        "id": "CVE-2017-11368-755de4b8",
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970",
        "deprecated": false
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "283975676019297401139999035662419444645",
                "282672820768443496025395926450658577906",
                "47215875968588905788377893875480578522",
                "91415356043600347659629545620442554514",
                "99052052106133597793956133896851414116",
                "184992862356724350174483412619012981443",
                "180808050400054218726783860965016757985",
                "298778936289824725957268107039822507847",
                "73155155861381541010112379124029782245",
                "99432362990357885032626879684404162822",
                "218227452749620134082433343964277257909",
                "114506724569938914743330379561712543200",
                "37246406000188172841916433720272670724",
                "78014914416155917900049677080906534854",
                "272232022684417892734841124247077554087",
                "298769036358435233077422396747719161328",
                "129707705023951043827643630971048549541",
                "70541791018619243244654308933730348437"
            ]
        },
        "target": {
            "file": "src/kdc/kdc_util.c"
        },
        "id": "CVE-2017-11368-a6179004",
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "74531147696732265420744333821386430488",
            "length": 771.0
        },
        "target": {
            "function": "kdc_process_s4u_x509_user",
            "file": "src/kdc/kdc_util.c"
        },
        "id": "CVE-2017-11368-ae10ded1",
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970",
        "deprecated": false
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "325367889476803086856633468511928700848",
                "68989466184981042379603439399162329417",
                "173256510690270124507023254971734967536",
                "115082524213724777578031700444571321986"
            ]
        },
        "target": {
            "file": "src/kdc/do_tgs_req.c"
        },
        "id": "CVE-2017-11368-ca597638",
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970",
        "deprecated": false
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "311703179622825782984481815100440141886",
                "256372248361650419130344277581095724040",
                "89102105830819084952166022460426190619",
                "108192380190004863950675277511866253291",
                "44123480385076308243782818462219067811"
            ]
        },
        "target": {
            "file": "src/kdc/do_as_req.c"
        },
        "id": "CVE-2017-11368-ea438f50",
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "176621686112374436775066263314571356236",
            "length": 7164.0
        },
        "target": {
            "function": "finish_process_as_req",
            "file": "src/kdc/do_as_req.c"
        },
        "id": "CVE-2017-11368-fcaca95d",
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970",
        "deprecated": false
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-11368.json"
vanir_signatures_modified
"2026-07-08T12:05:56Z"