{"id":"CVE-2017-11368","details":"In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.","modified":"2026-07-08T12:05:56.374300Z","published":"2017-08-09T18:29:01.450Z","related":["openSUSE-SU-2024:10899-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*"],"source":"CPE_STRING","extracted_events":[{"introduced":"25"},{"last_affected":"25"},{"introduced":"26"},{"last_affected":"26"}],"vendor_product":"fedoraproject:fedora"},{"cpes":["cpe:2.3:a:mit:kerberos:5-1.13.7:*:*:*:*:*:*:*"],"source":"CPE_STRING","extracted_events":[{"introduced":"5-1.13.7"},{"last_affected":"5-1.13.7"}],"vendor_product":"mit:kerberos"},{"cpes":["cpe:2.3:a:mit:kerberos_5:1.15.1:beta1:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.15.1:beta2:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*"],"source":"CPE_STRING","extracted_events":[{"introduced":"1.7"},{"last_affected":"1.7"},{"introduced":"1.15.1-beta1"},{"last_affected":"1.15.1-beta1"},{"introduced":"1.15.1-beta1"},{"last_affected":"1.15.1-beta1"},{"introduced":"1.15.1-beta2"},{"last_affected":"1.15.1-beta2"},{"introduced":"1.15.1-beta2"},{"last_affected":"1.15.1-beta2"}],"vendor_product":"mit:kerberos_5"}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HNWXM6OQU7G23MG7XWIOBRGP43ECLDT/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBUTXMNZWMVJLQ4NDX5OQFPUVCJRLV3W/"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/100291"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0666"},{"type":"FIX","url":"https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/krb5/krb5","events":[{"introduced":"f70e5ec1adf2f54da8be987c5af0b29fa82ddfc6"},{"last_affected":"b9ad6c49505c96a088326b62a52568e3484f2168"},{"fixed":"ffb35baac6981f9e8914f8f3bffd37f284b85970"}],"database_specific":{"source":["CPE_STRING","REFERENCES"],"extracted_events":[{"introduced":"1.7"},{"last_affected":"1.7"},{"introduced":"1.7.1"},{"last_affected":"1.7.1"},{"introduced":"1.8"},{"last_affected":"1.8"},{"introduced":"1.8.1"},{"last_affected":"1.8.1"},{"introduced":"1.8.2"},{"last_affected":"1.8.2"},{"introduced":"1.8.3"},{"last_affected":"1.8.3"},{"introduced":"1.8.4"},{"last_affected":"1.8.4"},{"introduced":"1.8.5"},{"last_affected":"1.8.5"},{"introduced":"1.8.6"},{"last_affected":"1.8.6"},{"introduced":"1.9"},{"last_affected":"1.9"},{"introduced":"1.9.1"},{"last_affected":"1.9.1"},{"introduced":"1.9.2"},{"last_affected":"1.9.2"},{"introduced":"1.9.3"},{"last_affected":"1.9.3"},{"introduced":"1.9.4"},{"last_affected":"1.9.4"},{"introduced":"1.10"},{"last_affected":"1.10"},{"introduced":"1.10.1"},{"last_affected":"1.10.1"},{"introduced":"1.10.2"},{"last_affected":"1.10.2"},{"introduced":"1.10.3"},{"last_affected":"1.10.3"},{"introduced":"1.10.4"},{"last_affected":"1.10.4"},{"introduced":"1.11"},{"last_affected":"1.11"},{"introduced":"1.11.1"},{"last_affected":"1.11.1"},{"introduced":"1.11.2"},{"last_affected":"1.11.2"},{"introduced":"1.11.3"},{"last_affected":"1.11.3"},{"introduced":"1.11.4"},{"last_affected":"1.11.4"},{"introduced":"1.11.5"},{"last_affected":"1.11.5"},{"introduced":"1.12"},{"last_affected":"1.12"},{"introduced":"1.12.1"},{"last_affected":"1.12.1"},{"introduced":"1.12.2"},{"last_affected":"1.12.2"},{"introduced":"1.12.3"},{"last_affected":"1.12.3"},{"introduced":"1.13"},{"last_affected":"1.13"},{"introduced":"1.13.1"},{"last_affected":"1.13.1"},{"introduced":"1.13.2"},{"last_affected":"1.13.2"},{"introduced":"1.13.3"},{"last_affected":"1.13.3"},{"introduced":"1.13.5"},{"last_affected":"1.13.5"},{"introduced":"1.13.6"},{"last_affected":"1.13.6"},{"introduced":"1.14"},{"last_affected":"1.14"},{"introduced":"1.14-alpha1"},{"last_affected":"1.14-alpha1"},{"introduced":"1.14-beta1"},{"last_affected":"1.14-beta1"},{"introduced":"1.14-beta2"},{"last_affected":"1.14-beta2"},{"introduced":"1.14.1"},{"last_affected":"1.14.1"},{"introduced":"1.14.2"},{"last_affected":"1.14.2"},{"introduced":"1.14.3"},{"last_affected":"1.14.3"},{"introduced":"1.14.4"},{"last_affected":"1.14.4"},{"introduced":"1.14.5"},{"last_affected":"1.14.5"},{"introduced":"1.15"},{"last_affected":"1.15"},{"introduced":"1.15.1"},{"last_affected":"1.15.1"}],"cpe":["cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.8.4:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.8.5:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.8.6:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.9.1:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.9.2:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.9.3:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.9.4:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.10:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.10.1:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.10.2:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.10.3:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.10.4:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.11:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.11.1:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.11.2:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.11.3:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.11.4:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.11.5:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.12:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.12.1:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.12.2:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.12.3:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.13:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.13.1:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.13.2:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.13.3:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.13.5:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.13.6:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.14:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.14:alpha1:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.14:beta1:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.14:beta2:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.14.1:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.14.2:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.14.3:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.14.4:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.14.5:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.15:*:*:*:*:*:*:*","cpe:2.3:a:mit:kerberos_5:1.15.1:*:*:*:*:*:*:*"]}}],"versions":["1.10","1.10.1","1.10.2","1.10.3","1.10.4","1.11","1.11.1","1.11.2","1.11.3","1.11.4","1.11.5","1.12","1.12.1","1.12.2","1.12.3","1.13","1.13.1","1.13.2","1.13.3","1.13.5","1.13.6","1.14","1.14-alpha1","1.14-beta1","1.14-beta2","1.14.1","1.14.2","1.14.3","1.14.4","1.14.5","1.15","1.15.1","1.7","1.7.1","1.8","1.8.1","1.8.2","1.8.3","1.8.4","1.8.5","1.8.6","1.9","1.9.1","1.9.2","1.9.3","1.9.4"],"database_specific":{"vanir_signatures_modified":"2026-07-08T12:05:56Z","vanir_signatures":[{"digest":{"length":653,"function_hash":"330028959243753203609613709933773874074"},"source":"https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970","signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2017-11368-16ce6abc","target":{"function":"kdc_process_s4u2proxy_req","file":"src/kdc/kdc_util.c"}},{"digest":{"length":15624,"function_hash":"83240240999769545177314307306634696539"},"source":"https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970","signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2017-11368-5bf800eb","target":{"function":"process_tgs_req","file":"src/kdc/do_tgs_req.c"}},{"digest":{"length":673,"function_hash":"156221043922931185817485653085623573900"},"source":"https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970","signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2017-11368-755de4b8","target":{"function":"kdc_process_for_user","file":"src/kdc/kdc_util.c"}},{"digest":{"threshold":0.9,"line_hashes":["283975676019297401139999035662419444645","282672820768443496025395926450658577906","47215875968588905788377893875480578522","91415356043600347659629545620442554514","99052052106133597793956133896851414116","184992862356724350174483412619012981443","180808050400054218726783860965016757985","298778936289824725957268107039822507847","73155155861381541010112379124029782245","99432362990357885032626879684404162822","218227452749620134082433343964277257909","114506724569938914743330379561712543200","37246406000188172841916433720272670724","78014914416155917900049677080906534854","272232022684417892734841124247077554087","298769036358435233077422396747719161328","129707705023951043827643630971048549541","70541791018619243244654308933730348437"]},"source":"https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970","signature_version":"v1","signature_type":"Line","deprecated":false,"id":"CVE-2017-11368-a6179004","target":{"file":"src/kdc/kdc_util.c"}},{"digest":{"length":771,"function_hash":"74531147696732265420744333821386430488"},"source":"https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970","signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2017-11368-ae10ded1","target":{"function":"kdc_process_s4u_x509_user","file":"src/kdc/kdc_util.c"}},{"digest":{"threshold":0.9,"line_hashes":["325367889476803086856633468511928700848","68989466184981042379603439399162329417","173256510690270124507023254971734967536","115082524213724777578031700444571321986"]},"source":"https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970","signature_version":"v1","signature_type":"Line","deprecated":false,"id":"CVE-2017-11368-ca597638","target":{"file":"src/kdc/do_tgs_req.c"}},{"digest":{"threshold":0.9,"line_hashes":["311703179622825782984481815100440141886","256372248361650419130344277581095724040","89102105830819084952166022460426190619","108192380190004863950675277511866253291","44123480385076308243782818462219067811"]},"source":"https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970","signature_version":"v1","signature_type":"Line","deprecated":false,"id":"CVE-2017-11368-ea438f50","target":{"file":"src/kdc/do_as_req.c"}},{"digest":{"length":7164,"function_hash":"176621686112374436775066263314571356236"},"source":"https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970","signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2017-11368-fcaca95d","target":{"function":"finish_process_as_req","file":"src/kdc/do_as_req.c"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-11368.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}