The vulnerability in the component /krb5/src/lib/gssapi/krb5/k5sealv3.c of the Kerberos network protocol allows a attacker to induce a service failure.

🗓️ 03 Apr 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Kerberos component k5sealv3 memory release vulnerability may let attacker cause service failure.

Reporter	Title	Published	Views	Family All 115
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from kerberos 5, libxml2, go-jose, runc	3 Feb 202522:53	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities affect multiple packages shipped with IBM CICS TX Advanced.	28 Apr 202510:33	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.7 is vulnerable to multiple Base OS issues	15 Apr 202503:13	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Observability with Instana (OnPrem) has addressed multiple vulnerabilities	17 Sep 202513:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge v5.1.1 is vulnerable to multiple Base OS issues	2 Apr 202517:41	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak	21 Jan 202520:59	–	ibm
IBM Security Bulletins	Security Bulletin: Denial of service, directory traversal, and other vulnerabilities might affect IBM Storage Defender – Resiliency Service	15 Apr 202502:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to Kerberos 5, OpenSSL, libexpat, golang-jwt, and GnuPG Libgcrypt	6 Dec 202412:00	–	ibm
Tenable Nessus	Amazon Linux 2023 : krb5-devel, krb5-libs, krb5-pkinit (ALAS2023-2024-586)	17 Apr 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : krb5 (ALAS-2024-2512)	18 Apr 202400:00	–	nessus

Vulners

Node

novell suse_linux_enterprise_microMatch5.1

OR

novell suse_linux_enterprise_microMatch5.2

OR

novell suse_manager_retail_branch_serverMatch4.3

OR

novell suse_manager_proxyMatch4.3

OR

novell suse_manager_serverMatch4.3

OR

novell suse_enterprise_storageMatch7.1

OR

novell suse_linux_enterprise_microMatch5.3

OR

novell suse_linux_enterprise_microMatch5.4

OR

novell suse_linux_enterprise_microMatch5.5

OR

novell basesystem_moduleMatch15-sp5

OR

mit kerberosMatch1.21.2

OR

novell opensuse_leapMatch15.5

OR

novell opensuse_leap_microMatch5.3

OR

novell opensuse_leap_microMatch5.4

OR

novell opensuse_leap_microMatch5.5

Source	Link
security-tracker	www.security-tracker.debian.org/tracker/CVE-2024-26461
suse	www.suse.com/security/cve/CVE-2024-26461.html
github	www.github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md
repo	www.repo.red-soft.ru/redos/7.3c/x86_64/updates/
wiki	www.wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0114SE18MD
wiki	www.wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17
wiki	www.wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47
wiki	www.wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16
web	www.web.nvd.nist.gov/view/vuln/detail

20 Jan 2026 00:00Current

6.8Medium risk

Vulners AI Score6.8

CVSS 37.5

CVSS 27.8

EPSS0.00081

Kerberos k5sealv3 memory release memory release error service failure attacker exploit