CVE-2015-2698
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2015-2698
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2015-2698.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2015-2698
- Downstream
- Related
- Published
- 2015-11-13T03:59:00Z
- Modified
- 2025-08-09T19:01:27Z
- Summary
- [none]
- Details
-
The iakerbgssexportseccontext function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gssexportsec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696.
- References