CVE-2015-5292
Severity
6.8 MEDIUM
EPSS
2.7%
top 14.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 29
Latest update: May 17
Description
Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.
CVSS vector
AV:N/AC:L/C:N/I:N/A:C
Exploitability: 8.0 | Impact: 6.9
Affected Packages
2 packages
Vulnerability Details (3)
GHSA
GHSA-5f57-m892-gf57: Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin | 2022-05-17
OSV
CVE-2015-5292: Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin | 2015-10-29
CVEList
CVE-2015-5292: Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin | 2015-10-29