Unrated severityNVD Advisory· Published Feb 19, 2015· Updated May 6, 2026
CVE-2014-9423
CVE-2014-9423
Description
The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txtnvdVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-March/151437.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-02/msg00011.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.htmlnvd
- lists.opensuse.org/opensuse-updates/2015-02/msg00044.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-0439.htmlnvd
- web.mit.edu/kerberos/advisories/2015-001-patch-r113.txtnvd
- www.debian.org/security/2015/dsa-3153nvd
- www.mandriva.com/security/advisoriesnvd
- www.securityfocus.com/bid/72503nvd
- www.ubuntu.com/usn/USN-2498-1nvd
- github.com/krb5/krb5/commit/5bb8a6b9c9eb8dd22bc9526751610aaa255ead9cnvd
News mentions
0No linked articles in our index yet.