VIR Vulnerability Intelligence Relay

CVE-2015-8631

medium
Published 2016-02-13 · Modified 2026-05-06
CVSS v3
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
VIR risk
6.5

Description

Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.

Predictions

Exploit likelihood
75%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

OS impact
OSVersionStatusFixed in
suse slesaffected
debian debianbookwormfixed1.13.2+dfsg-5
debian debianbullseyefixed1.13.2+dfsg-5
debian debianforkyfixed1.13.2+dfsg-5
debian debiansidfixed1.13.2+dfsg-5
debian debiantrixiefixed1.13.2+dfsg-5
debian debian7.0affected
debian debian8.0affected
suse suse42.1affected
suse suse13.2affected
redhat rhel6.0affected
redhat rhel7.0affected
redhat rhel6.7affected
redhat rhel7.2affected
redhat rhel7.3affected
redhat rhel7.4affected
redhat rhel7.5affected
redhat rhel7.6affected
redhat rhel7.7affected

Application impact
VendorProductVersionsFixed
mitkerberos_5{"endExcluding":"1.13.4"}1.13.4

References

CWEs

CWE-772

💬 Discuss CVE-2015-8631 on VIR Community →

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.