CVE-2025-24528

Опубликовано: 28 янв. 2024

Источник: redhat

CVSS3: 6.5

Описание

In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.

A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Ansible Automation Platform 2	aap-cloud-metrics-collector-container	Not affected
Red Hat Ansible Automation Platform 2	ansible-automation-platform-24/ee-minimal-rhel8	Not affected
Red Hat Ansible Automation Platform 2	ansible-automation-platform-25/ansible-builder-rhel8	Not affected
Red Hat Ansible Automation Platform 2	ansible-automation-platform-25/ee-supported-rhel8	Not affected
Red Hat Enterprise Linux 10	krb5	Not affected
Red Hat Enterprise Linux 6	krb5	Out of support scope
Red Hat OpenShift Container Platform 4	rhcos	Fix deferred
Red Hat Enterprise Linux 7 Extended Lifecycle Support	krb5	Fixed	RHSA-2025:1352	12.02.2025
Red Hat Enterprise Linux 8	krb5	Fixed	RHSA-2025:2722	13.03.2025
Red Hat Enterprise Linux 9	krb5	Fixed	RHSA-2025:7067	13.05.2025