CVE-2026-11850 Krb5: krb5: integer underflow in berval2tl_data() leads to heap out-of-bounds read

🗓️ 11 Jun 2026 09:49:07Reported by redhatType

kerberos integer underflow in berval2tl_data() causes heap read when bv_len is 0 or 1.

Reporter	Title	Published	Views	Family All 12
CVE	CVE-2026-11850	11 Jun 202609:49	–	cve
Debian CVE	CVE-2026-11850	11 Jun 202609:49	–	debiancve
EUVD	EUVD-2026-36219	11 Jun 202609:49	–	euvd
NVD	CVE-2026-11850	11 Jun 202610:16	–	nvd
OSV	DEBIAN-CVE-2026-11850	11 Jun 202610:16	–	osv
OSV	ECHO-B5CB-5A81-96DE	12 Jun 202620:11	–	osv
OSV	UBUNTU-CVE-2026-11850	12 Jun 202600:00	–	osv
Positive Technologies	PT-2026-48636	11 Jun 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-11850	11 Jun 202609:49	–	redhatcve
RedHat Linux	Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update	12 Jun 202613:47	–	redhat

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Hardened Images",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "krb5-main",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1.22.2-8.hum1",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:hummingbird:1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "krb5",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "krb5",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "krb5",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "krb5",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "krb5",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhcos",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/errata/RHSA-2026:25520
access	www.access.redhat.com/security/cve/CVE-2026-11850

12 Jun 2026 13:52Current

CVSS 3.15

EPSS0.00035

CWE-191