Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-4345

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-14 Aug, 2014 | 01:00
Updated At-06 Aug, 2024 | 11:12
Rejected At-
Credits

Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:14 Aug, 2014 | 01:00
Updated At:06 Aug, 2024 | 11:12
Rejected At:
▼CVE Numbering Authority (CNA)

Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136640.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/61353
third-party-advisory
x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/95212
vdb-entry
x_refsource_XF
https://github.com/krb5/krb5/commit/dc7ed55c689d57de7f7408b34631bf06fec9dab1
x_refsource_CONFIRM
http://secunia.com/advisories/59993
third-party-advisory
x_refsource_SECUNIA
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7980
x_refsource_CONFIRM
http://linux.oracle.com/errata/ELSA-2014-1255.html
x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137056.html
vendor-advisory
x_refsource_FEDORA
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2014-08/msg00030.html
vendor-advisory
x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2015-0439.html
vendor-advisory
x_refsource_REDHAT
https://blogs.oracle.com/sunsecurity/entry/cve_2014_4345_numeric_errors
x_refsource_CONFIRM
http://secunia.com/advisories/61314
third-party-advisory
x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00009.html
vendor-advisory
x_refsource_SUSE
http://www.securitytracker.com/id/1030705
vdb-entry
x_refsource_SECTRACK
https://bugzilla.redhat.com/show_bug.cgi?id=1128157
x_refsource_CONFIRM
http://secunia.com/advisories/60535
third-party-advisory
x_refsource_SECUNIA
http://www.osvdb.org/109908
vdb-entry
x_refsource_OSVDB
http://www.securityfocus.com/bid/69168
vdb-entry
x_refsource_BID
http://www.debian.org/security/2014/dsa-3000
vendor-advisory
x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDVSA-2014:165
vendor-advisory
x_refsource_MANDRIVA
http://security.gentoo.org/glsa/glsa-201412-53.xml
vendor-advisory
x_refsource_GENTOO
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
x_refsource_CONFIRM
http://secunia.com/advisories/59415
third-party-advisory
x_refsource_SECUNIA
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2014-001.txt
x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2014-1255.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/60776
third-party-advisory
x_refsource_SECUNIA
https://github.com/krb5/krb5/pull/181
x_refsource_CONFIRM
http://advisories.mageia.org/MGASA-2014-0345.html
x_refsource_CONFIRM
http://secunia.com/advisories/59102
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136640.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/61353
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/95212
Resource:
vdb-entry
x_refsource_XF
Hyperlink: https://github.com/krb5/krb5/commit/dc7ed55c689d57de7f7408b34631bf06fec9dab1
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/59993
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7980
Resource:
x_refsource_CONFIRM
Hyperlink: http://linux.oracle.com/errata/ELSA-2014-1255.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137056.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-08/msg00030.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-0439.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://blogs.oracle.com/sunsecurity/entry/cve_2014_4345_numeric_errors
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/61314
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00009.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.securitytracker.com/id/1030705
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1128157
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/60535
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.osvdb.org/109908
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.securityfocus.com/bid/69168
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.debian.org/security/2014/dsa-3000
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2014:165
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://security.gentoo.org/glsa/glsa-201412-53.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/59415
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2014-001.txt
Resource:
x_refsource_CONFIRM
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-1255.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/60776
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://github.com/krb5/krb5/pull/181
Resource:
x_refsource_CONFIRM
Hyperlink: http://advisories.mageia.org/MGASA-2014-0345.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/59102
Resource:
third-party-advisory
x_refsource_SECUNIA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136640.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/61353
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/95212
vdb-entry
x_refsource_XF
x_transferred
https://github.com/krb5/krb5/commit/dc7ed55c689d57de7f7408b34631bf06fec9dab1
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/59993
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7980
x_refsource_CONFIRM
x_transferred
http://linux.oracle.com/errata/ELSA-2014-1255.html
x_refsource_CONFIRM
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137056.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-updates/2014-08/msg00030.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://rhn.redhat.com/errata/RHSA-2015-0439.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://blogs.oracle.com/sunsecurity/entry/cve_2014_4345_numeric_errors
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/61314
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00009.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.securitytracker.com/id/1030705
vdb-entry
x_refsource_SECTRACK
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=1128157
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/60535
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.osvdb.org/109908
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.securityfocus.com/bid/69168
vdb-entry
x_refsource_BID
x_transferred
http://www.debian.org/security/2014/dsa-3000
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2014:165
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://security.gentoo.org/glsa/glsa-201412-53.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/59415
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2014-001.txt
x_refsource_CONFIRM
x_transferred
http://rhn.redhat.com/errata/RHSA-2014-1255.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/60776
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://github.com/krb5/krb5/pull/181
x_refsource_CONFIRM
x_transferred
http://advisories.mageia.org/MGASA-2014-0345.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/59102
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136640.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/61353
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/95212
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://github.com/krb5/krb5/commit/dc7ed55c689d57de7f7408b34631bf06fec9dab1
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/59993
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7980
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://linux.oracle.com/errata/ELSA-2014-1255.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137056.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-08/msg00030.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-0439.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://blogs.oracle.com/sunsecurity/entry/cve_2014_4345_numeric_errors
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/61314
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00009.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.securitytracker.com/id/1030705
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1128157
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/60535
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.osvdb.org/109908
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.securityfocus.com/bid/69168
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.debian.org/security/2014/dsa-3000
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2014:165
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-201412-53.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/59415
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2014-001.txt
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-1255.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/60776
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://github.com/krb5/krb5/pull/181
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://advisories.mageia.org/MGASA-2014-0345.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/59102
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:14 Aug, 2014 | 05:01
Updated At:12 Apr, 2025 | 10:46

Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.08.5HIGH
AV:N/AC:M/Au:S/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 8.5
Base severity: HIGH
Vector:
AV:N/AC:M/Au:S/C:C/I:C/A:C
CPE Matches
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.6
cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.6.1
cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.6.2
cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.7
cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.7.1
cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.8
cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.8.1
cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.8.2
cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.8.3
cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.8.4
cpe:2.3:a:mit:kerberos_5:1.8.4:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.8.5
cpe:2.3:a:mit:kerberos_5:1.8.5:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.8.6
cpe:2.3:a:mit:kerberos_5:1.8.6:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.9
cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.9.1
cpe:2.3:a:mit:kerberos_5:1.9.1:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.9.2
cpe:2.3:a:mit:kerberos_5:1.9.2:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.9.3
cpe:2.3:a:mit:kerberos_5:1.9.3:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.9.4
cpe:2.3:a:mit:kerberos_5:1.9.4:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.10
cpe:2.3:a:mit:kerberos_5:1.10:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.10.1
cpe:2.3:a:mit:kerberos_5:1.10.1:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.10.2
cpe:2.3:a:mit:kerberos_5:1.10.2:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.10.3
cpe:2.3:a:mit:kerberos_5:1.10.3:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.10.4
cpe:2.3:a:mit:kerberos_5:1.10.4:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.11
cpe:2.3:a:mit:kerberos_5:1.11:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.11.1
cpe:2.3:a:mit:kerberos_5:1.11.1:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.11.2
cpe:2.3:a:mit:kerberos_5:1.11.2:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.11.3
cpe:2.3:a:mit:kerberos_5:1.11.3:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.11.4
cpe:2.3:a:mit:kerberos_5:1.11.4:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.11.5
cpe:2.3:a:mit:kerberos_5:1.11.5:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.12
cpe:2.3:a:mit:kerberos_5:1.12:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.12.1
cpe:2.3:a:mit:kerberos_5:1.12.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-189Primarynvd@nist.gov
CWE ID: CWE-189
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://advisories.mageia.org/MGASA-2014-0345.htmlcve@mitre.org
N/A
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705cve@mitre.org
N/A
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7980cve@mitre.org
N/A
http://linux.oracle.com/errata/ELSA-2014-1255.htmlcve@mitre.org
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136640.htmlcve@mitre.org
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137056.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00009.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-updates/2014-08/msg00030.htmlcve@mitre.org
N/A
http://rhn.redhat.com/errata/RHSA-2014-1255.htmlcve@mitre.org
N/A
http://rhn.redhat.com/errata/RHSA-2015-0439.htmlcve@mitre.org
N/A
http://secunia.com/advisories/59102cve@mitre.org
N/A
http://secunia.com/advisories/59415cve@mitre.org
N/A
http://secunia.com/advisories/59993cve@mitre.org
N/A
http://secunia.com/advisories/60535cve@mitre.org
N/A
http://secunia.com/advisories/60776cve@mitre.org
N/A
http://secunia.com/advisories/61314cve@mitre.org
N/A
http://secunia.com/advisories/61353cve@mitre.org
N/A
http://security.gentoo.org/glsa/glsa-201412-53.xmlcve@mitre.org
N/A
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2014-001.txtcve@mitre.org
Vendor Advisory
http://www.debian.org/security/2014/dsa-3000cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2014:165cve@mitre.org
N/A
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlcve@mitre.org
N/A
http://www.osvdb.org/109908cve@mitre.org
N/A
http://www.securityfocus.com/bid/69168cve@mitre.org
N/A
http://www.securitytracker.com/id/1030705cve@mitre.org
N/A
https://blogs.oracle.com/sunsecurity/entry/cve_2014_4345_numeric_errorscve@mitre.org
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=1128157cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/95212cve@mitre.org
N/A
https://github.com/krb5/krb5/commit/dc7ed55c689d57de7f7408b34631bf06fec9dab1cve@mitre.org
N/A
https://github.com/krb5/krb5/pull/181cve@mitre.org
N/A
http://advisories.mageia.org/MGASA-2014-0345.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705af854a3a-2127-422b-91ae-364da2661108
N/A
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7980af854a3a-2127-422b-91ae-364da2661108
N/A
http://linux.oracle.com/errata/ELSA-2014-1255.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136640.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137056.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00009.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2014-08/msg00030.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2014-1255.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2015-0439.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/59102af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/59415af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/59993af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/60535af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/60776af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/61314af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/61353af854a3a-2127-422b-91ae-364da2661108
N/A
http://security.gentoo.org/glsa/glsa-201412-53.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2014-001.txtaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.debian.org/security/2014/dsa-3000af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2014:165af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/109908af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/69168af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1030705af854a3a-2127-422b-91ae-364da2661108
N/A
https://blogs.oracle.com/sunsecurity/entry/cve_2014_4345_numeric_errorsaf854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=1128157af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/95212af854a3a-2127-422b-91ae-364da2661108
N/A
https://github.com/krb5/krb5/commit/dc7ed55c689d57de7f7408b34631bf06fec9dab1af854a3a-2127-422b-91ae-364da2661108
N/A
https://github.com/krb5/krb5/pull/181af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://advisories.mageia.org/MGASA-2014-0345.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7980
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://linux.oracle.com/errata/ELSA-2014-1255.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136640.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137056.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00009.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-08/msg00030.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-1255.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-0439.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/59102
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/59415
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/59993
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/60535
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/60776
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/61314
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/61353
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-201412-53.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2014-001.txt
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2014/dsa-3000
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2014:165
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/109908
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/69168
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1030705
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://blogs.oracle.com/sunsecurity/entry/cve_2014_4345_numeric_errors
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1128157
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/95212
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/krb5/krb5/commit/dc7ed55c689d57de7f7408b34631bf06fec9dab1
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/krb5/krb5/pull/181
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://advisories.mageia.org/MGASA-2014-0345.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7980
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://linux.oracle.com/errata/ELSA-2014-1255.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136640.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137056.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00009.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-08/msg00030.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-1255.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-0439.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/59102
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/59415
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/59993
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/60535
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/60776
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/61314
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/61353
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-201412-53.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2014-001.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2014/dsa-3000
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2014:165
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/109908
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/69168
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1030705
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://blogs.oracle.com/sunsecurity/entry/cve_2014_4345_numeric_errors
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1128157
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/95212
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://github.com/krb5/krb5/commit/dc7ed55c689d57de7f7408b34631bf06fec9dab1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://github.com/krb5/krb5/pull/181
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2Records found
CVE-2007-4000
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.5||HIGH
EPSS-10.43% / 92.92%
||
7 Day CHG~0.00%
Published-05 Sep, 2007 | 10:00
Updated-07 Aug, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)Fedora Project
Product-kerberos_5fedoran/a
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2015-2698
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.5||HIGH
EPSS-1.17% / 77.83%
||
7 Day CHG~0.00%
Published-13 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberos_5n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Details not found