Lucene search

[email protected]CVE-2015-2698

HistoryNov 13, 2015 - 3:59 a.m.

CVE-2015-2698

2015-11-1303:59:00

CWE-119

[email protected]

web.nvd.nist.gov

mit kerberos 5

cve-2015-2698

memory corruption

remote exploit

nvd

7.7 High

AI Score

Confidence

High

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

80.5%

JSON

The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696.

CPENameOperatorVersion
mit:kerberos_5mit kerberos 5eq1.14

CPE	Name	Operator	Version
mit:kerberos_5	mit kerberos 5	eq	1.14

References

krbdev.mit.edu/rt/Ticket/Display.html?id=8273

lists.opensuse.org/opensuse-updates/2015-11/msg00116.html

lists.opensuse.org/opensuse-updates/2015-12/msg00124.html

www.ubuntu.com/usn/USN-2810-1

github.com/krb5/krb5/commit/3db8dfec1ef50ddd78d6ba9503185995876a39fd

7.7 High

AI Score

Confidence

High

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

80.5%

JSON

Related for CVE-2015-2698

prion2 ubuntucve2 debiancve2 openvas12 mageia2 ibm3 nessus13 fedora4 ubuntu1 altlinux3 cve1 suse3 osv2 debian2 gentoo1