CVE-2015-2696

2015-11-0903:59:00

CWE-18

[email protected]

web.nvd.nist.gov

cve-2015-2696

mit kerberos 5

krb5

denial of service

iakerb packet

nvd

7 High

AI Score

Confidence

High

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.17 Low

EPSS

Percentile

96.0%

JSON

lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.

CPENameOperatorVersion
mit:kerberos_5mit kerberos 5lt1.14
opensuse:leapopensuse leapeq42.1
opensuse:opensuseopensuseeq13.1
opensuse:opensuseopensuseeq13.2
suse:linux_enterprise_serversuse linux enterprise servereq12
suse:linux_enterprise_software_development_kitsuse linux enterprise software development kiteq12
suse:linux_enterprise_desktopsuse linux enterprise desktopeq12
debian:debian_linuxdebian debian linuxeq8.0
debian:debian_linuxdebian debian linuxeq7.0
debian:debian_linuxdebian debian linuxeq9.0

CPE	Name	Operator	Version
mit:kerberos_5	mit kerberos 5	lt	1.14
opensuse:leap	opensuse leap	eq	42.1
opensuse:opensuse	opensuse	eq	13.1
opensuse:opensuse	opensuse	eq	13.2
suse:linux_enterprise_server	suse linux enterprise server	eq	12
suse:linux_enterprise_software_development_kit	suse linux enterprise software development kit	eq	12
suse:linux_enterprise_desktop	suse linux enterprise desktop	eq	12
debian:debian_linux	debian debian linux	eq	8.0
debian:debian_linux	debian debian linux	eq	7.0
debian:debian_linux	debian debian linux	eq	9.0