Back to search
CVE-2015-2698
Published: Nov 13, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://github.com/krb5/krb5/commit/3db8dfec1ef50ddd78d6ba9503185995876a39fd
x_refsource_CONFIRM
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8273
x_refsource_CONFIRM
openSUSE-SU-2015:2055
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2015:2376
vendor-advisory
x_refsource_SUSE
USN-2810-1
vendor-advisory
x_refsource_UBUNTU
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now