CVE-2015-2697

Published: 8 November 2015

The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request.

Priority

Medium

Status

Package: krb5 (Launchpad, Ubuntu, Debian)

| Release  | Status                                |
|----------|---------------------------------------|
| precise  | Released (1.10+dfsg~beta1-2ubuntu0.7) |
| trusty   | Released (1.12+dfsg-2ubuntu5.2)       |
| upstream | Released (1.13.2+dfsg-3)              |
| vivid    | Released (1.12.1+dfsg-18ubuntu0.1)    |
| wily     | Released (1.13.2+dfsg-2ubuntu0.1)     |