CVE-2015-8631

Published: 13 February 2016

Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.

From the Ubuntu security team

It was discovered that Kerberos incorrectly handled principal names. A remote authenticated attacker could possibly use this issue to cause a denial of service.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
krb5
Launchpad, Ubuntu, Debian
Upstream
Released (1.14+dfsg-1)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(1.14.3+dfsg-2ubuntu1)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(1.14.3+dfsg-2ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(1.14.3+dfsg-2ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(1.14.3+dfsg-2ubuntu1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(1.13.2+dfsg-5)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1.12+dfsg-2ubuntu5.4)
Patches:
Upstream: https://github.com/krb5/krb5/commit/83ed75feba32e46f736fcce0d96a0445f29b96c2
Binaries built from this source package are in Universe and so are supported by the community.