7.1
CVE-2015-2696
- EPSS 8.28%
- Published 09.11.2015 03:59:02
- Last modified 12.04.2025 10:46:40
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.
Data is provided by the National Vulnerability Database (NVD)
Mit ≫ Kerberos 5 Version < 1.14
Suse ≫ Linux Enterprise Desktop Version12 Update-
Suse ≫ Linux Enterprise Server Version12 Update-
Suse ≫ Linux Enterprise Software Development Kit Version12 Update-
Debian ≫ Debian Linux Version7.0
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
Canonical ≫ Ubuntu Linux Version12.04 SwEdition-
Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version15.04
Canonical ≫ Ubuntu Linux Version15.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.28% | 0.92 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 8.6 | 6.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:C
|