CVE-2025-24528

Опубликовано: 31 янв. 2025

Источник: ubuntu

Приоритет: medium

Описание

In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.

Релиз	Статус	Примечание
devel	released	1.21.3-4ubuntu2
esm-infra-legacy/trusty	needs-triage
esm-infra/bionic	needs-triage
esm-infra/focal	not-affected	1.17-6ubuntu4.9
esm-infra/xenial	needs-triage
focal	released	1.17-6ubuntu4.9
jammy	released	1.19.2-2ubuntu0.6
noble	released	1.20.1-6ubuntu2.5
oracular	released	1.21.3-3ubuntu0.2
plucky	released	1.21.3-4ubuntu2

Показывать по

Ссылки на источники

Связанные уязвимости

CVE-2025-24528

CVSS3: 6.5

redhat

больше 1 года назад

A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service.

CVE-2025-24528

debian

[Prevent overflow when calculating ulog block size]

SUSE-SU-2025:0401-1

suse-cvrf

4 месяца назад

Security update for crypto-policies, krb5

SUSE-SU-2025:0351-1

suse-cvrf

4 месяца назад

Security update for krb5

RLSA-2025:2722

rocky

около 1 месяца назад

Moderate: krb5 security update

CVE-2025-24528

Описание

Пакет krb5

Ссылки на источники

Связанные уязвимости