CVE-2015-2697
published 2015-11-09CVE-2015-2697: The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of…
medium4CVSS 3.1
AVNACLAuSCNINAP
The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | krb5 | < krb5 1.13.2+dfsg-3 (bookworm) | krb5 1.13.2+dfsg-3 (bookworm) |
| mit | kerberos_5 | < 1.14 | 1.14 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-3 | 1.13.2+dfsg-3 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-3 | 1.13.2+dfsg-3 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-3 | 1.13.2+dfsg-3 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-3 | 1.13.2+dfsg-3 |
| mit | krb5 | >= 0 < 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.2 |
| opensuse | leap | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| oracle | solaris | — | — |
| suse | linux_enterprise_desktop | — | — |
| suse | linux_enterprise_server | — | — |
| suse | linux_enterprise_software_development_kit | — | — |
CVSS provenance
nvd4.0MEDIUMAV:N/AC:L/Au:S/C:N/I:N/A:P
osv5.0MEDIUM