CVE-2015-8629 — Out-of-bounds Read in Kerberos 5

CWE-125 — Out-of-bounds Read CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources

Severity

5.3MEDIUMNVD

EPSS

1.6%

top 18.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Krb5 MIT Kerberos 5 Debian Linux +10 more

Timeline

PublishedFeb 13

Latest updateMay 13

Description

The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages9 packages

▶NVDmit/kerberos_51.14 — 1.14.1+1

▶Debianmit/krb5< 1.13.2+dfsg-5+3

▶NVDoracle/linux6, 7+1

▶NVDopensuse/leap42.1

▶NVDoracle/solaris10, 11.3+1

Also affects: Debian Linux 7.0, 8.0, Enterprise Linux 6.7, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-2xvp-5pfr-cwhc: The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr↗2022-05-13

▶

CVEList

CVE-2015-8629: The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr↗2016-02-13

▶

OSV

CVE-2015-8629: The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr↗2016-02-13

▶

📋Vendor Advisories

Red Hat

krb5: xdr_nullstring() doesn't check for terminating null character↗2016-01-08

▶

Debian

CVE-2015-8629: krb5 - The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerber...↗2015

▶

💬Community

Bugzilla

CVE-2015-8629 krb5: xdr_nullstring() doesn't check for terminating null character↗2016-01-28

▶

Bugzilla

CVE-2015-8629 krb5: xdr_nullstring() doesn't check for terminating null character [fedora-all]↗2016-01-28

▶