CVE-2015-8631

DEB

Medium

Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow …

CVSS

6.5

Medium

EPSS

0.03

p86

Published

2015-01-01

Updated

2015-01-01

Description

Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.

Tags · CWE

CWE-401

CWE-772

CAPEC-469

Affected products

Debian_linux

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Timeline

2015-01-01

Published

2015-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: L

Low (L)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: N

None (N)

Integrity Impact

I: N

None (N)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.026 · p86

Known exploited (KEV)

MITRE ATT&CK

Inferred via CAPEC

T1499.002Service Exhaustion Flood

└ via CAPEC-469 · CWE-772

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected software

Product	Vendor	Status
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
debian_linux	*	Tracked
enterprise_linux_desktop	*	Tracked
enterprise_linux_eus	*	Tracked

Source databases

DEB

CVE

RED

UBU