6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.064 Low
EPSS
Percentile
93.6%
Package : krb5
Version : 1.8.3+dfsg-4squeeze11
CVE ID : CVE-2015-8629 CVE-2015-8631
Debian Bug : 813126 813296
CVE-2015-8629
It was discovered that an authenticated attacker can cause kadmind
to read beyond the end of allocated memory by sending a string
without a terminating zero byte. Information leakage may be possible
for an attacker with permission to modify the database.
CVE-2015-8631
It was discovered that an authenticated attacker can cause kadmind
to leak memory by supplying a null principal name in a request which
uses one. Repeating these requests will eventually cause kadmind to
exhaust all available memory.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | i386 | krb5-gss-samples | < 1.10.1+dfsg-5+deb7u7 | krb5-gss-samples_1.10.1+dfsg-5+deb7u7_i386.deb |
Debian | 7 | kfreebsd-amd64 | krb5-kdc | < 1.10.1+dfsg-5+deb7u7 | krb5-kdc_1.10.1+dfsg-5+deb7u7_kfreebsd-amd64.deb |
Debian | 7 | armhf | libkdb5-6 | < 1.10.1+dfsg-5+deb7u7 | libkdb5-6_1.10.1+dfsg-5+deb7u7_armhf.deb |
Debian | 7 | mipsel | libkrb5-dev | < 1.10.1+dfsg-5+deb7u7 | libkrb5-dev_1.10.1+dfsg-5+deb7u7_mipsel.deb |
Debian | 7 | kfreebsd-amd64 | libkadm5clnt-mit8 | < 1.10.1+dfsg-5+deb7u7 | libkadm5clnt-mit8_1.10.1+dfsg-5+deb7u7_kfreebsd-amd64.deb |
Debian | 7 | s390 | libk5crypto3 | < 1.10.1+dfsg-5+deb7u7 | libk5crypto3_1.10.1+dfsg-5+deb7u7_s390.deb |
Debian | 8 | arm64 | libkrad0 | < 1.12.1+dfsg-19+deb8u2 | libkrad0_1.12.1+dfsg-19+deb8u2_arm64.deb |
Debian | 7 | kfreebsd-amd64 | libkrb5support0 | < 1.10.1+dfsg-5+deb7u7 | libkrb5support0_1.10.1+dfsg-5+deb7u7_kfreebsd-amd64.deb |
Debian | 7 | mips | krb5-kdc | < 1.10.1+dfsg-5+deb7u7 | krb5-kdc_1.10.1+dfsg-5+deb7u7_mips.deb |
Debian | 8 | kfreebsd-amd64 | krb5-otp | < 1.12.1+dfsg-19+deb8u2 | krb5-otp_1.12.1+dfsg-19+deb8u2_kfreebsd-amd64.deb |
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.064 Low
EPSS
Percentile
93.6%