Back to search
CVE-2015-2697
Published: Nov 9, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789
x_refsource_CONFIRM
77581
vdb-entry
x_refsource_BID
SUSE-SU-2015:1897
vendor-advisory
x_refsource_SUSE
GLSA-201611-14
vendor-advisory
x_refsource_GENTOO
1034084
vdb-entry
x_refsource_SECTRACK
openSUSE-SU-2015:1997
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2015:1928
vendor-advisory
x_refsource_SUSE
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252
x_refsource_CONFIRM
DSA-3395
vendor-advisory
x_refsource_DEBIAN
USN-2810-1
vendor-advisory
x_refsource_UBUNTU
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now