CVE-2015-2696
published 2015-11-09CVE-2015-2696: lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of…
high7.1CVSS 3.1
AVNACMAuNCNINAC
lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | krb5 | < krb5 1.13.2+dfsg-4 (bookworm) | krb5 1.13.2+dfsg-4 (bookworm) |
| debian | krb5 | < krb5 1.13.2+dfsg-3 (bookworm) | krb5 1.13.2+dfsg-3 (bookworm) |
| mit | kerberos_5 | < 1.14 | 1.14 |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.13.2+dfsg-4 | 1.13.2+dfsg-4 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-3 | 1.13.2+dfsg-3 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-4 | 1.13.2+dfsg-4 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-3 | 1.13.2+dfsg-3 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-4 | 1.13.2+dfsg-4 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-3 | 1.13.2+dfsg-3 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-4 | 1.13.2+dfsg-4 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-3 | 1.13.2+dfsg-3 |
| mit | krb5 | >= 0 < 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.2 |
| opensuse | leap | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| suse | linux_enterprise_desktop | — | — |
| suse | linux_enterprise_server | — | — |
CVSS provenance
nvd8.5HIGHAV:N/AC:M/Au:S/C:C/I:C/A:C
osv7.1HIGH