VDB

GCVE-110-MAGEIA-2016-52

GCVE-110-MAGEIA-2016-52
Advisory Published
Vulnetix · Advisory published February 5, 2016
In all versions of MIT krb5, an authenticated attacker can cause kadmind to read beyond the end of allocated memory by sending a string without a terminating zero byte. Information leakage may be possible for an attacker with permission to modify the database (CVE-2015-8629). In MIT krb5 1.12 and later, an authenticated attacker with permission to modify a principal entry can cause kadmind to dereference a null pointer by supplying a null policy value but including KADM5_POLICY in the mask (CVE-2015-8630). In all versions of MIT krb5, an authenticated attacker can cause kadmind to leak memory by supplying a null principal name in a request which uses one. Repeating these requests will eventually cause kadmind to exhaust all available memory (CVE-2015-8631).

Affected Products

VendorProductVersionsPlatforms
Mageiahatari0 (affected), 1.9.0-1.mga5 (unaffected)
Mageiakrb50 (affected), 1.12.2-8.3.mga5 (unaffected), 0 (affected), 1.12.2-8.3.mga5 (unaffected)

Browse GCVE Records

73,040 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›