Home CVE Database CVE-2015-8629

CVE-2015-8629

Description

The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether \'\\0\' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.

Priority: LOW
CVSS v3: 3.1
Publish Date: Feb 12, 2016
Related ID: --
CVSS v2: Low
Modified Date: Feb 12, 2016

Find out more about CVE-2015-8629 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

krb5

Live chat
Online