CVE-2015-2698

Name of the Vulnerable Software and Affected Versions MIT Kerberos 5 (aka krb5) version 1.14 pre-release 2015-09-14

Description The issue is related to the iakerb gss export sec context function in lib/gssapi/krb5/iakerb.c, which improperly accesses a certain pointer. This allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss export sec context function.

Recommendations For MIT Kerberos 5 (aka krb5) version 1.14 pre-release 2015-09-14, consider updating to a newer version that correctly fixes the issue, as the current version contains an incorrect fix that introduces this problem. At the moment, there is no information about a newer version that contains a fix for this vulnerability.