CVE-2015-2698
Last modified
CVE-2015-2698 is a vulnerability of currently unknown severity. The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696.. EPSS estimates a 2.89% chance of exploitation in the next 30 days.
Description
The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Mit | Kerberos 5 | 1.14 | Beta2 |
References
- http://krbdev.mit.edu/rt/Ticket/Display.html?id=8273Vendor Advisory
- http://krbdev.mit.edu/rt/Ticket/Display.html?id=8273Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-2698?
How severe is CVE-2015-2698?
How do I fix CVE-2015-2698?
Are you affected by CVE-2015-2698?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST