Unrated severityNVD Advisory· Published Nov 13, 2015· Updated May 6, 2026
CVE-2015-2698
CVE-2015-2698
Description
The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696.
Affected products
9- osv-coords9 versionspkg:rpm/opensuse/krb5&distro=openSUSE%20Tumbleweedpkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
< 1.15-1.1+ 8 more
- (no CPE)range: < 1.15-1.1
- (no CPE)range: < 1.12.1-22.5
- (no CPE)range: < 1.12.1-22.5
- (no CPE)range: < 1.12.1-22.5
- (no CPE)range: < 1.12.1-22.5
- (no CPE)range: < 1.12.1-22.5
- (no CPE)range: < 1.12.1-22.5
- (no CPE)range: < 1.12.1-22.5
- (no CPE)range: < 1.12.1-22.5
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5News mentions
0No linked articles in our index yet.