CVE-2015-8629 in Kerberosthông tin

Tóm tắt

Bởi MITRE

The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Nguồn

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!