{"id":"CVE-2017-15088","details":"plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat.","modified":"2026-04-02T00:05:15.873618Z","published":"2017-11-23T17:29:00.353Z","related":["MGASA-2017-0420","SUSE-SU-2017:2948-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/101594"},{"type":"REPORT","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871698"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1504045"},{"type":"FIX","url":"https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4"},{"type":"FIX","url":"https://github.com/krb5/krb5/pull/707"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/krb5/krb5","events":[{"introduced":"0"},{"last_affected":"d3cb9e2fbc6a5c7ff67de46473467be127c2df76"},{"fixed":"fbb687db1088ddd894d975996e5f6a4252b9a2b4"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.15.2"}]}}],"versions":["kfw-2.6-beta1","kfw-2.6-beta2","kfw-2.6-beta3","kfw-2.6-beta5","kfw-2.6-beta6","kfw-2.6-beta7","kfw-2.6-beta8","kfw-2.6-beta9","kfw-2.6-final","kfw-2.6.1-beta1","kfw-2.6.1-final","kfw-2.6.2-beta1","kfw-2.6.2-beta2","kfw-2.6.2-final","kfw-2.6.3-final","kfw-2.6.4-beta1","kfw-2.6.4-beta2","kfw-2.6.4-beta3","kfw-2.6.4-beta4","kfw-2.6.4-final","kfw-2.6.5-beta2","kfw-2.6.5-final","kfw-3.0-beta2","kfw-3.0-final","kfw-3.0.1-final","kfw-3.1.0-beta1","kfw-3.1.0-beta2","kfw-3.1.0-beta3","kfw-3.1.0-beta4","kfw-3.1.0-final","kfw-3.2.0-beta1","kfw-3.2.0-beta2","kf
w-3.2.0-beta3","kfw-3.2.0-final","kfw-3.2.1-beta1","kfw-3.2.1-beta2","kfw-3.2.1-final","kfw-3.2.2-beta1","kfw-3.2.2-beta2","kfw-3.2.2-final","kfw-3.2.3-alpha1","kfw-4.0-final","kfw-4.0.1-beta1","kfw-4.0.1-final","kfw-4.1-beta1","kfw-4.1-beta2","kfw-4.1-beta3","kfw-4.1-beta3-mit","kfw-4.1-final","kfw-4.1-final-mit","krb5-1.0-alpha0","krb5-1.0-alpha2","krb5-1.0-alpha3","krb5-1.0-alpha4","krb5-1.0-alpha5","krb5-1.0-beta1","krb5-1.0-beta2","krb5-1.0-beta3","krb5-1.0-beta4","krb5-1.0-beta4.1","krb5-1.0-beta4.2","krb5-1.0-beta4.3","krb5-1.0-beta5","krb5-1.0-beta6","krb5-1.0-beta7","krb5-1.0-final","krb5-1.0-freeze1","krb5-1.0-freeze2","krb5-1.0-freeze3","krb5-1.0.1-final","krb5-1.0.2-final","krb5-1.0.3-final","krb5-1.0.4-final","krb5-1.0.5-final","krb5-1.0.5-freeze1","krb5-1.0.5-freeze2","krb5-1.0.5-freeze3","krb5-1.0.6-beta1","krb5-1.0.6-beta2","krb5-1.0.6-beta3","krb5-1.0.6-beta4","krb5-1.0.6-beta5","krb5-1.0.6-final","krb5-1.0.7-beta1","krb5-1.0.7-beta2","krb5-1.1-beta1","krb5-1.1-final","krb5-1.1.1-beta1","krb5-1.1.1-beta2","krb5-1.1.1-final","krb5-1.1.2-beta1","krb5-1.1.2-beta2","krb5-1.10-alpha1","krb5-1.10-alpha2","krb5-1.10-beta1","krb5-1.10-final","krb5-1.10.1-final","krb5-1.10.2-final","krb5-1.10.3-final","krb5-1.10.4-final","krb5-1.10.5-final","krb5-1.10.6-final","krb5-1.10.7-final","krb5-1.11-alpha1","krb5-1.11-beta1","krb5-1.11-beta2","krb5-1.11-final","krb5-1.11.1-final","krb5-1.11.2-final","krb5-1.11.3-final","krb5-1.11.4-final","krb5-1.11.5-final","krb5-1.11.6-final","krb5-1.12-alpha1","krb5-1.12-beta1","krb5-1.12-beta2","krb5-1.12-final","krb5-1.12.1-final","krb5-1.12.2-final","krb5-1.12.3-final","krb5-1.12.4-final","krb5-1.12.5-final","krb5-1.13-alpha1","krb5-1.13-beta1","krb5-1.13-final","krb5-1.13.1-final","krb5-1.13.2-final","krb5-1.13.3-final","krb5-1.13.4-final","krb5-1.13.5-final","krb5-1.13.6-final","krb5-1.13.7-final","krb5-1.14-alpha1","krb5-1.14-beta1","krb5-1.14-beta2","krb5-1.14-final","krb5-1.14.1-final","krb5-1.14.2-final","krb5-1.14.3-fina
l","krb5-1.14.4-final","krb5-1.14.5-final","krb5-1.14.6-final","krb5-1.15-beta1","krb5-1.15-beta2","krb5-1.15-final","krb5-1.15.1-final","krb5-1.15.2-final","krb5-1.16-beta1","krb5-1.16-beta2","krb5-1.16-final","krb5-1.16.1-final","krb5-1.16.2-final","krb5-1.16.3-final","krb5-1.16.4-final","krb5-1.2-beta1","krb5-1.2-beta2","krb5-1.2-beta3","krb5-1.2-beta4","krb5-1.2-final","krb5-1.2.1-final","krb5-1.2.2-beta1","krb5-1.2.2-final","krb5-1.2.3-beta1","krb5-1.2.3-beta2","krb5-1.2.3-beta3","krb5-1.2.3-beta4","krb5-1.2.3-final","krb5-1.2.4-beta1","krb5-1.2.4-beta2","krb5-1.2.4-final","krb5-1.2.5-beta1","krb5-1.2.5-beta2","krb5-1.2.5-final","krb5-1.2.6-beta1","krb5-1.2.6-beta2","krb5-1.2.6-final","krb5-1.2.7-beta1","krb5-1.2.7-beta2","krb5-1.2.7-final","krb5-1.2.8-final","krb5-1.3-alpha1","krb5-1.3-alpha2","krb5-1.3-alpha3","krb5-1.3-beta1","krb5-1.3-beta2","krb5-1.3-beta3","krb5-1.3-beta4","krb5-1.3-beta5","krb5-1.3-final","krb5-1.3.1-beta1","krb5-1.3.1-final","krb5-1.3.1-kfw","krb5-1.3.2-beta1","krb5-1.3.2-beta2","krb5-1.3.2-beta3","krb5-1.3.2-beta4","krb5-1.3.2-beta5","krb5-1.3.2-final","krb5-1.3.3-beta1","krb5-1.3.3-beta2","krb5-1.3.3-final","krb5-1.3.4-beta1","krb5-1.3.4-final","krb5-1.3.5-beta1","krb5-1.3.5-final","krb5-1.3.6-final","krb5-1.4-beta1","krb5-1.4-beta2","krb5-1.4-beta3","krb5-1.4-beta4","krb5-1.4-beta5","krb5-1.4-final","krb5-1.4.1-beta1","krb5-1.4.1-final","krb5-1.4.2-beta1","krb5-1.4.2-final","krb5-1.4.3-beta1","krb5-1.4.3-beta2","krb5-1.4.3-final","krb5-1.4.4-beta1","krb5-1.4.4-final","krb5-1.5-alpha1","krb5-1.5-beta1","krb5-1.5-beta2","krb5-1.5-final","krb5-1.5.1-beta1","krb5-1.5.1-final","krb5-1.5.2-final","krb5-1.5.3-final","krb5-1.5.4-final","krb5-1.6-alpha1","krb5-1.6-beta1","krb5-1.6-beta2","krb5-1.6-final","krb5-1.6.1-beta1","krb5-1.6.1-final","krb5-1.6.2-final","krb5-1.6.3-beta1","krb5-1.6.3-beta2","krb5-1.6.3-final","krb5-1.6.4-beta1","krb5-1.7-alpha1","krb5-1.7-beta1","krb5-1.7-beta2","krb5-1.7-beta3","krb5-1.7-final","krb5-1.7.1-beta1","krb
5-1.7.1-final","krb5-1.7.2-final","krb5-1.8-alpha1","krb5-1.8-beta1","krb5-1.8-beta2","krb5-1.8-final","krb5-1.8.1-beta1","krb5-1.8.1-beta2","krb5-1.8.1-final","krb5-1.8.2-beta1","krb5-1.8.2-final","krb5-1.8.3-beta1","krb5-1.8.3-final","krb5-1.8.4-final","krb5-1.8.5-beta1","krb5-1.8.5-final","krb5-1.8.6-final","krb5-1.9-beta1","krb5-1.9-beta2","krb5-1.9-beta3","krb5-1.9-final","krb5-1.9.1-beta1","krb5-1.9.1-final","krb5-1.9.2-beta1","krb5-1.9.2-final","krb5-1.9.3-final","krb5-1.9.4-final","krb5-1.9.5-final","ms-bug-test-20060525"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4","signature_version":"v1","id":"CVE-2017-15088-0bbe7661","digest":{"length":461,"function_hash":"319056387699767631926726914969734411257"},"deprecated":false,"signature_type":"Function","target":{"function":"X509_NAME_oneline_ex","file":"src/plugins/preauth/pkinit/pkinit_crypto_openssl.c"}},{"source":"https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4","signature_version":"v1","id":"CVE-2017-15088-403776f7","digest":{"line_hashes":[],"threshold":0.9},"deprecated":false,"signature_type":"Line","target":{"file":"src/plugins/preauth/pkinit/pkinit_crypto_openssl.c"}},{"source":"https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4","signature_version":"v1","id":"CVE-2017-15088-b0147b26","digest":{"length":1652,"function_hash":"103045859072055760119567830516729182967"},"deprecated":false,"signature_type":"Function","target":{"function":"get_matching_data","file":"src/plugins/preauth/pkinit/pkinit_crypto_openssl.c"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15088.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}