vulnerability

Oracle Linux: CVE-2015-8629: ELSA-2016-0493: krb5 security update (MODERATE) (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
2	(AV:N/AC:H/Au:S/C:P/I:N/A:N)	Feb 13, 2016	Mar 28, 2016	Dec 3, 2025

Severity

CVSS

(AV:N/AC:H/Au:S/C:P/I:N/A:N)

Published

Feb 13, 2016

Added

Mar 28, 2016

Modified

Dec 3, 2025

Description

The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.

Solutions

oracle-linux-upgrade-krb5-develoracle-linux-upgrade-krb5-libsoracle-linux-upgrade-krb5-pkinitoracle-linux-upgrade-krb5-pkinit-openssloracle-linux-upgrade-krb5-serveroracle-linux-upgrade-krb5-server-ldaporacle-linux-upgrade-krb5-workstation

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report