CVE-2015-8629
Published: 2016-02-13
Severity: Medium (5.3, CVSS 3.1)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
Affected
37 ranges, showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | krb5 | < krb5 1.13.2+dfsg-5 (bookworm) | krb5 1.13.2+dfsg-5 (bookworm) |
| mit | kerberos_5 | < 1.13.4 | 1.13.4 |
| mit | kerberos_5 | >= 1.14 < 1.14.1 | 1.14.1 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-5 | 1.13.2+dfsg-5 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-5 | 1.13.2+dfsg-5 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-5 | 1.13.2+dfsg-5 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-5 | 1.13.2+dfsg-5 |
| opensuse | leap | — | — |
| opensuse | opensuse | — | — |
| oracle | linux | — | — |
| oracle | linux | — | — |
| oracle | solaris | — | — |
| oracle | solaris | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
| osv | — | 5.3 | MEDIUM | — |