CVE-2015-8629 vulnerability in MIT and Other Products
Published on February 13, 2016

The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2015-8629

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2015-8629 are published in these products:

MIT Kerberos 5

Debian Linux

OpenSuse Leap

OpenSuse

Oracle Linux

Oracle Solaris

Red Hat Enterprise Linux Desktop

Red Hat Enterprise Linux Eus

Red Hat Enterprise Linux Server

Red Hat Enterprise Linux Server Aus

Red Hat Enterprise Linux Server Tus

Red Hat Enterprise Linux Workstation

Exploit Probability

EPSS

1.61%

Percentile

81.55%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2015-8629 vulnerability in MIT and Other ProductsPublished on February 13, 2016

Products Associated with CVE-2015-8629

Exploit Probability

CVE-2015-8629 vulnerability in MIT and Other Products
Published on February 13, 2016