CVE-2015-2698

The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mit:kerberos_5:1.14:beta2:*:*:*:*:*:*

History

No history.

Information

Published : 2015-11-13 03:59

Updated : 2024-02-28 15:21


NVD link : CVE-2015-2698

Mitre link : CVE-2015-2698

CVE.ORG link : CVE-2015-2698


JSON object : View

Products Affected

mit

  • kerberos_5
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer