CVE-2015-8629: Verify decoded kadmin C strings. In all versions of MIT krb5, an authenticated attacker can causekadmind to read beyond the end of allocated memory by sending a string without a terminating zero byte. Information leakage may be possible for an attacker with permission to modify the database. Fixed In Version: 1.14.1, 1.13.4