CVE-2015-2698
 
Descriptions
The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696.
SSVC
- Decision: -
Timeline
- 2015-03-24 CVE Reserved
- 2015-11-12 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References (5)
URL | Tag | Source |
---|---|---|
https://github.com/krb5/krb5/commit/3db8dfec1ef50ddd78d6ba9503185995876a39fd | X_refsource_confirm | |

URL | Date | SRC |
---|---|---|
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8273 | 2020-01-21 | |
http://lists.opensuse.org/opensuse-updates/2015-11/msg00116.html | 2020-01-21 | |
http://lists.opensuse.org/opensuse-updates/2015-12/msg00124.html | 2020-01-21 | |
http://www.ubuntu.com/usn/USN-2810-1 | 2020-01-21 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Mit | Kerberos 5 | 1.14 | beta2 | Affected |