Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-24528

Опубликовано: 16 янв. 2026
Источник: debian

Описание

In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
krb5fixed1.21.3-5package
krb5fixed1.20.1-2+deb12u3bookwormpackage

Примечания

  • https://bugzilla.redhat.com/show_bug.cgi?id=2342796

  • Fixed by: https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0

Связанные уязвимости

CVSS3: 7.1
ubuntu
22 дня назад

In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.

CVSS3: 6.5
redhat
около 2 лет назад

A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service.

CVSS3: 7.1
nvd
22 дня назад

In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.

suse-cvrf
12 месяцев назад

Security update for crypto-policies, krb5

suse-cvrf
около 1 года назад

Security update for krb5