CVE-2017-15088

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-15088
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15088.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-15088
Downstream
Related
Published
2017-11-23T17:29:00.353Z
Modified
2026-04-02T00:05:15.873618Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

plugins/preauth/pkinit/pkinitcryptoopenssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the getmatchingdata and X509NAMEonelineex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of getmatching_data in KDC certauth plugin code that is specific to Red Hat.

References

Affected packages

Git / github.com/krb5/krb5

Affected ranges

Type
GIT
Repo
https://github.com/krb5/krb5
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d3cb9e2fbc6a5c7ff67de46473467be127c2df76
Fixed
fbb687db1088ddd894d975996e5f6a4252b9a2b4
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.15.2"
        }
    ]
}

Affected versions

kfw-2.*
kfw-2.6-beta1
kfw-2.6-beta2
kfw-2.6-beta3
kfw-2.6-beta5
kfw-2.6-beta6
kfw-2.6-beta7
kfw-2.6-beta8
kfw-2.6-beta9
kfw-2.6-final
kfw-2.6.1-beta1
kfw-2.6.1-final
kfw-2.6.2-beta1
kfw-2.6.2-beta2
kfw-2.6.2-final
kfw-2.6.3-final
kfw-2.6.4-beta1
kfw-2.6.4-beta2
kfw-2.6.4-beta3
kfw-2.6.4-beta4
kfw-2.6.4-final
kfw-2.6.5-beta2
kfw-2.6.5-final
kfw-3.*
kfw-3.0-beta2
kfw-3.0-final
kfw-3.0.1-final
kfw-3.1.0-beta1
kfw-3.1.0-beta2
kfw-3.1.0-beta3
kfw-3.1.0-beta4
kfw-3.1.0-final
kfw-3.2.0-beta1
kfw-3.2.0-beta2
kfw-3.2.0-beta3
kfw-3.2.0-final
kfw-3.2.1-beta1
kfw-3.2.1-beta2
kfw-3.2.1-final
kfw-3.2.2-beta1
kfw-3.2.2-beta2
kfw-3.2.2-final
kfw-3.2.3-alpha1
kfw-4.*
kfw-4.0-final
kfw-4.0.1-beta1
kfw-4.0.1-final
kfw-4.1-beta1
kfw-4.1-beta2
kfw-4.1-beta3
kfw-4.1-beta3-mit
kfw-4.1-final
kfw-4.1-final-mit
krb5-1.*
krb5-1.0-alpha0
krb5-1.0-alpha2
krb5-1.0-alpha3
krb5-1.0-alpha4
krb5-1.0-alpha5
krb5-1.0-beta1
krb5-1.0-beta2
krb5-1.0-beta3
krb5-1.0-beta4
krb5-1.0-beta4.1
krb5-1.0-beta4.2
krb5-1.0-beta4.3
krb5-1.0-beta5
krb5-1.0-beta6
krb5-1.0-beta7
krb5-1.0-final
krb5-1.0-freeze1
krb5-1.0-freeze2
krb5-1.0-freeze3
krb5-1.0.1-final
krb5-1.0.2-final
krb5-1.0.3-final
krb5-1.0.4-final
krb5-1.0.5-final
krb5-1.0.5-freeze1
krb5-1.0.5-freeze2
krb5-1.0.5-freeze3
krb5-1.0.6-beta1
krb5-1.0.6-beta2
krb5-1.0.6-beta3
krb5-1.0.6-beta4
krb5-1.0.6-beta5
krb5-1.0.6-final
krb5-1.0.7-beta1
krb5-1.0.7-beta2
krb5-1.1-beta1
krb5-1.1-final
krb5-1.1.1-beta1
krb5-1.1.1-beta2
krb5-1.1.1-final
krb5-1.1.2-beta1
krb5-1.1.2-beta2
krb5-1.10-alpha1
krb5-1.10-alpha2
krb5-1.10-beta1
krb5-1.10-final
krb5-1.10.1-final
krb5-1.10.2-final
krb5-1.10.3-final
krb5-1.10.4-final
krb5-1.10.5-final
krb5-1.10.6-final
krb5-1.10.7-final
krb5-1.11-alpha1
krb5-1.11-beta1
krb5-1.11-beta2
krb5-1.11-final
krb5-1.11.1-final
krb5-1.11.2-final
krb5-1.11.3-final
krb5-1.11.4-final
krb5-1.11.5-final
krb5-1.11.6-final
krb5-1.12-alpha1
krb5-1.12-beta1
krb5-1.12-beta2
krb5-1.12-final
krb5-1.12.1-final
krb5-1.12.2-final
krb5-1.12.3-final
krb5-1.12.4-final
krb5-1.12.5-final
krb5-1.13-alpha1
krb5-1.13-beta1
krb5-1.13-final
krb5-1.13.1-final
krb5-1.13.2-final
krb5-1.13.3-final
krb5-1.13.4-final
krb5-1.13.5-final
krb5-1.13.6-final
krb5-1.13.7-final
krb5-1.14-alpha1
krb5-1.14-beta1
krb5-1.14-beta2
krb5-1.14-final
krb5-1.14.1-final
krb5-1.14.2-final
krb5-1.14.3-final
krb5-1.14.4-final
krb5-1.14.5-final
krb5-1.14.6-final
krb5-1.15-beta1
krb5-1.15-beta2
krb5-1.15-final
krb5-1.15.1-final
krb5-1.15.2-final
krb5-1.16-beta1
krb5-1.16-beta2
krb5-1.16-final
krb5-1.16.1-final
krb5-1.16.2-final
krb5-1.16.3-final
krb5-1.16.4-final
krb5-1.2-beta1
krb5-1.2-beta2
krb5-1.2-beta3
krb5-1.2-beta4
krb5-1.2-final
krb5-1.2.1-final
krb5-1.2.2-beta1
krb5-1.2.2-final
krb5-1.2.3-beta1
krb5-1.2.3-beta2
krb5-1.2.3-beta3
krb5-1.2.3-beta4
krb5-1.2.3-final
krb5-1.2.4-beta1
krb5-1.2.4-beta2
krb5-1.2.4-final
krb5-1.2.5-beta1
krb5-1.2.5-beta2
krb5-1.2.5-final
krb5-1.2.6-beta1
krb5-1.2.6-beta2
krb5-1.2.6-final
krb5-1.2.7-beta1
krb5-1.2.7-beta2
krb5-1.2.7-final
krb5-1.2.8-final
krb5-1.3-alpha1
krb5-1.3-alpha2
krb5-1.3-alpha3
krb5-1.3-beta1
krb5-1.3-beta2
krb5-1.3-beta3
krb5-1.3-beta4
krb5-1.3-beta5
krb5-1.3-final
krb5-1.3.1-beta1
krb5-1.3.1-final
krb5-1.3.1-kfw
krb5-1.3.2-beta1
krb5-1.3.2-beta2
krb5-1.3.2-beta3
krb5-1.3.2-beta4
krb5-1.3.2-beta5
krb5-1.3.2-final
krb5-1.3.3-beta1
krb5-1.3.3-beta2
krb5-1.3.3-final
krb5-1.3.4-beta1
krb5-1.3.4-final
krb5-1.3.5-beta1
krb5-1.3.5-final
krb5-1.3.6-final
krb5-1.4-beta1
krb5-1.4-beta2
krb5-1.4-beta3
krb5-1.4-beta4
krb5-1.4-beta5
krb5-1.4-final
krb5-1.4.1-beta1
krb5-1.4.1-final
krb5-1.4.2-beta1
krb5-1.4.2-final
krb5-1.4.3-beta1
krb5-1.4.3-beta2
krb5-1.4.3-final
krb5-1.4.4-beta1
krb5-1.4.4-final
krb5-1.5-alpha1
krb5-1.5-beta1
krb5-1.5-beta2
krb5-1.5-final
krb5-1.5.1-beta1
krb5-1.5.1-final
krb5-1.5.2-final
krb5-1.5.3-final
krb5-1.5.4-final
krb5-1.6-alpha1
krb5-1.6-beta1
krb5-1.6-beta2
krb5-1.6-final
krb5-1.6.1-beta1
krb5-1.6.1-final
krb5-1.6.2-final
krb5-1.6.3-beta1
krb5-1.6.3-beta2
krb5-1.6.3-final
krb5-1.6.4-beta1
krb5-1.7-alpha1
krb5-1.7-beta1
krb5-1.7-beta2
krb5-1.7-beta3
krb5-1.7-final
krb5-1.7.1-beta1
krb5-1.7.1-final
krb5-1.7.2-final
krb5-1.8-alpha1
krb5-1.8-beta1
krb5-1.8-beta2
krb5-1.8-final
krb5-1.8.1-beta1
krb5-1.8.1-beta2
krb5-1.8.1-final
krb5-1.8.2-beta1
krb5-1.8.2-final
krb5-1.8.3-beta1
krb5-1.8.3-final
krb5-1.8.4-final
krb5-1.8.5-beta1
krb5-1.8.5-final
krb5-1.8.6-final
krb5-1.9-beta1
krb5-1.9-beta2
krb5-1.9-beta3
krb5-1.9-final
krb5-1.9.1-beta1
krb5-1.9.1-final
krb5-1.9.2-beta1
krb5-1.9.2-final
krb5-1.9.3-final
krb5-1.9.4-final
krb5-1.9.5-final
Other
ms-bug-test-20060525

Database specific

vanir_signatures 
[
    {
        "digest": {
            "length": 461.0,
            "function_hash": "319056387699767631926726914969734411257"
        },
        "id": "CVE-2017-15088-0bbe7661",
        "source": "https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4",
        "signature_type": "Function",
        "target": {
            "file": "src/plugins/preauth/pkinit/pkinit_crypto_openssl.c",
            "function": "X509_NAME_oneline_ex"
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "digest": {
            "line_hashes": [
                "279292813219746823677532824714218872323",
                "217432453232397824978848157812379024368",
                "119574223050316908539911420666720073950",
                "183973212326717697863403440342551057940",
                "66645707007354709630552218460901125348",
                "97580563659190393370090612467161351977",
                "12396520658741259575630900013970077531",
                "104188435860651642774034395790333545957",
                "121259980145935057902347539570000398038",
                "52154987490860817268654532722753888760",
                "6022096577875113642843530069954696558",
                "200151014062051406045106902672288331866",
                "119377450856674769030282981012203560724",
                "149659764186472576570254343928344519020",
                "131332746661157213836899878514307163630",
                "87175253143964962761067964979816920387",
                "99168924437238917432768983530711910483",
                "190514094055831093294990264092044239942",
                "224267047642386850990322236024090859661",
                "99386848099307025553614398347969553667",
                "42022065828970131235532434712775577951",
                "78665054144780781925327514358981613412",
                "69073023158311737696735031676335744188",
                "89710413463912125817533208216805794900",
                "138518148784896151289832497557417112998",
                "183248215839116588960355176593480272968",
                "331048256505064657749198070881374120796",
                "227943242168469061897241941238536104464",
                "211688238444337902509590690614539666973",
                "38842525064467757614143210130200320924",
                "35007492642268697301785938760503455309",
                "332361462481790647058370067929282761483",
                "276063617981788960207517436503131370354",
                "203565305329433175028353793333334835032",
                "111673338798337675178828952554646323116",
                "330551950114059819946125617565239577877",
                "62456707559558278907109169901650202512",
                "177031895952329143620873325647733539197",
                "327039109210123678431856163689744265017",
                "77397130865429019974245280346772607548",
                "257163156264683960940488981904381430006",
                "128338143778771436158069468179498940393",
                "53711828437006975536064707561482006908",
                "118934550810338443395589486622052428642"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2017-15088-403776f7",
        "source": "https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4",
        "signature_type": "Line",
        "target": {
            "file": "src/plugins/preauth/pkinit/pkinit_crypto_openssl.c"
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "digest": {
            "length": 1652.0,
            "function_hash": "103045859072055760119567830516729182967"
        },
        "id": "CVE-2017-15088-b0147b26",
        "source": "https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4",
        "signature_type": "Function",
        "target": {
            "file": "src/plugins/preauth/pkinit/pkinit_crypto_openssl.c",
            "function": "get_matching_data"
        },
        "signature_version": "v1",
        "deprecated": false
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15088.json"