CVE-2025-24528

Опубликовано: 16 янв. 2026

Источник: nvd

CVSS3: 7.1

EPSS Низкий

Описание

In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.

Ссылки

EPSS

Процентиль: 2%

0.00014

Низкий

7.1 High

CVSS3

Дефекты

CWE-190

Связанные уязвимости

CVE-2025-24528

CVSS3: 7.1

ubuntu

22 дня назад

CVE-2025-24528

CVSS3: 6.5

redhat

около 2 лет назад

A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service.

CVE-2025-24528

CVSS3: 7.1

debian

22 дня назад

In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation ...

SUSE-SU-2025:0401-1

suse-cvrf

12 месяцев назад

Security update for crypto-policies, krb5

SUSE-SU-2025:0351-1

suse-cvrf

около 1 года назад

Security update for krb5

EPSS

Процентиль: 2%

0.00014

Низкий

7.1 High

CVSS3

Дефекты

CWE-190