NVD

Id
33054  
Name
CVE-2014-5355  
Description
MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a "" character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the "" character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:N/A:P)  
Pub Date
2017-01-19  
Published
2015-02-20  
Modified Date
2017-01-02  
Seq
2014-5355  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
173437 33054 CVE-2014-5355 http://krbdev.mit.edu/rt/Ticket/Display.html?id=8050  View
173438 33054 CVE-2014-5355 openSUSE-SU-2015:0542  View
173439 33054 CVE-2014-5355 RHSA-2015:0794  View
173440 33054 CVE-2014-5355 MDVSA-2015:069  View
173441 33054 CVE-2014-5355 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html  View
173442 33054 CVE-2014-5355 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html  View
173443 33054 CVE-2014-5355 74042  View
173444 33054 CVE-2014-5355 USN-2810-1  View
173445 33054 CVE-2014-5355 https://github.com/krb5/krb5/commit/102bb6ebf20f9174130c85c3b052ae104e5073ec  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
19046 JVNDB-2014-007921 MIT Kerberos 5 におけるサービス運用妨害 (DoS) の脆弱性 MIT Kerberos 5 (別名 krb5) は、krb5_read_message のデータフィールドが "" 文字で終わる文字列として表されることを誤って予測するため、サービス運用妨害 (NULL ポインタデリファレンスまたは out-of-bounds read) 状態にされる脆弱性が存在します。 CVE-2014-5355 72644 CVE-2014-5355 33054 5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-007921.html 2014-12-10 2015-03-02 View