Buffer overflow in Mit Kerberos_5

CVE-2015-2698

The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (me…

Vulnerability class: Buffer Overflow

EPSS: 0.009 (75.5th percentile) — read the EPSS interpretation.

Affected products

Mit Kerberos_5 — versions 1.14
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
openSUSE-SU-2015:2055 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2015:2376 (vendor-advisory, x_refsource_SUSE)
USN-2810-1 (x_refsource_UBUNTU, vendor-advisory)