CVE-2015-2695
published 2015-11-09CVE-2015-2695: lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a…
medium5CVSS 3.1
AVNACLAuNCNINAP
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | krb5 | < krb5 1.13.2+dfsg-3 (bookworm) | krb5 1.13.2+dfsg-3 (bookworm) |
| mit | kerberos_5 | < 1.14 | 1.14 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-3 | 1.13.2+dfsg-3 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-3 | 1.13.2+dfsg-3 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-3 | 1.13.2+dfsg-3 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-3 | 1.13.2+dfsg-3 |
| mit | krb5 | >= 0 < 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.2 |
| opensuse | leap | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| oracle | solaris | — | — |
| suse | linux_enterprise_desktop | — | — |
| suse | linux_enterprise_desktop | — | — |
| suse | linux_enterprise_server | — | — |
| suse | linux_enterprise_server | — | — |
| suse | linux_enterprise_software_development_kit | — | — |
| suse | linux_enterprise_software_development_kit | — | — |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM