vulnerability

Arch Linux: Arbitrary code execution (CVE-2017-11462)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Sep 13, 2017	Jul 11, 2025	Nov 27, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Sep 13, 2017

Added

Jul 11, 2025

Modified

Nov 27, 2025

Description

A double free vulnerability has been discovered in MIT Kerberos 5 (aka krb5) allowing attackers to crash the application or possibly execute arbitrary code via vectors involving automatic deletion of security contexts on error.

Solution

arch-linux-upgrade-latest

References

CVE-2017-11462
https://attackerkb.com/topics/CVE-2017-11462
URL-http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598
URL-https://bugzilla.redhat.com/show_bug.cgi?id=1488873
URL-https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf
URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FPRUP4YVOEBGEROUYWZFEQ64HTMGNED/
URL-https://security.archlinux.org/ASA-201710-8
URL-https://security.archlinux.org/ASA-201710-9
URL-https://web.mit.edu/kerberos/krb5-1.15/
CWE-415

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today