Lucene search

K
cve[email protected]CVE-2015-5292
HistoryOct 29, 2015 - 4:59 p.m.

CVE-2015-5292

2015-10-2916:59:00
CWE-399
web.nvd.nist.gov
42
cve-2015-5292
memory leak
pac responder
sssd
denial of service
remote authentication

6 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

0.014 Low

EPSS

Percentile

86.7%

Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.

Affected configurations

NVD
Node
fedoraprojectsssdMatch1.10.0
OR
fedoraprojectsssdMatch1.10.1
OR
fedoraprojectsssdMatch1.11.0
OR
fedoraprojectsssdMatch1.11.1
OR
fedoraprojectsssdMatch1.11.2
OR
fedoraprojectsssdMatch1.11.3
OR
fedoraprojectsssdMatch1.11.4
OR
fedoraprojectsssdMatch1.11.5
OR
fedoraprojectsssdMatch1.11.6
OR
fedoraprojectsssdMatch1.11.7
OR
fedoraprojectsssdMatch1.12.0
OR
fedoraprojectsssdMatch1.12.1
OR
fedoraprojectsssdMatch1.12.2
OR
fedoraprojectsssdMatch1.12.3
OR
fedoraprojectsssdMatch1.12.4
OR
fedoraprojectsssdMatch1.12.5
OR
fedoraprojectsssdMatch1.13.0

6 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

0.014 Low

EPSS

Percentile

86.7%