VDB
GCVE-110-MAGEIA-2016-52
GCVE-110-MAGEIA-2016-52
Advisory Published
In all versions of MIT krb5, an authenticated attacker can cause kadmind
to read beyond the end of allocated memory by sending a string without a
terminating zero byte. Information leakage may be possible for an
attacker with permission to modify the database (CVE-2015-8629).
In MIT krb5 1.12 and later, an authenticated attacker with permission to
modify a principal entry can cause kadmind to dereference a null pointer
by supplying a null policy value but including KADM5_POLICY in the mask
(CVE-2015-8630).
In all versions of MIT krb5, an authenticated attacker can cause kadmind
to leak memory by supplying a null principal name in a request which uses
one. Repeating these requests will eventually cause kadmind to exhaust
all available memory (CVE-2015-8631).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | hatari | 0 (affected), 1.9.0-1.mga5 (unaffected) | — |
| Mageia | krb5 | 0 (affected), 1.12.2-8.3.mga5 (unaffected), 0 (affected), 1.12.2-8.3.mga5 (unaffected) | — |
Browse GCVE Records
73,040 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.