Denial of Service Vulnerability in MIT Kerberos 5
CVE-2015-2695

Currently unrated

Key Information:

Vendor

Mit

Status
Kerberos 5
Vendor
CVE Published:
9 November 2015

What is CVE-2015-2695?

A vulnerability exists in the handling of SPNEGO packets within MIT Kerberos 5 software prior to version 1.14. This flaw can be exploited by remote attackers to trigger a denial of service condition, causing the application to crash by mishandling context during gss_inquire_context calls. Proper validation and context management are crucial to mitigate this risk.

References

http://lists.opensuse.org/opensuse-security-announce/2015...
vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2015...
vendor-advisoryx_refsource_SUSE
https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5b...
x_refsource_CONFIRM

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.