69 matches found
Astra Linux – Vulnerability in krb5
The file “lib/kadm5/kadmrpcxdr.c” in MIT Kerberos 5 also known as krb5 before versions 1.20.2 and 1.21.x before version 1.21.1 exposes an uninitialized pointer. A remotely authenticated user can cause a Kadmind crash. This occurs because the function xdrkadm5principalentrec does not validate the...
JLSEC-2026-92
lib/kadm5/kadmrpcxdr.c in MIT Kerberos 5 aka krb5 before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because xdrkadm5principalentrec does not validate the relationship between nkeydata and the keydata array...
EulerOS Virtualization 2.10.1 : krb5 (EulerOS-SA-2026-1124)
According to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesse...
In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.
...
CVE-2025-24528
In MIT Kerberos 5 aka krb5 before 1.22 with incremental propagation, there is an integer overflow for a large update size to resize in kdblog.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash...
CVE-2025-24528
In MIT Kerberos 5 aka krb5 before 1.22 with incremental propagation, there is an integer overflow for a large update size to resize in kdblog.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash...
AZL-74852 CVE-2025-24528 affecting package krb5 for versions less than 1.21.3-3
In MIT Kerberos 5 aka krb5 before 1.22 with incremental propagation, there is an integer overflow for a large update size to resize in kdblog.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash...
AZL-74862 CVE-2025-24528 affecting package krb5 for versions less than 1.19.4-5
In MIT Kerberos 5 aka krb5 before 1.22 with incremental propagation, there is an integer overflow for a large update size to resize in kdblog.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the resize function in kdblog.c when processing a large update size during incremental propagation. An attacker can cause an out-of-bounds write and crash the kadmind daemon by sending specially crafte...
CVE-2025-24528
CVE-2025-24528 affects MIT Kerberos 5 (krb5) up to but not including 1.22; the issue is an integer overflow in kdb_log.c during a large update resize, which can cause an out-of-bounds write and crash the kadmind daemon after authentication. Public references consistently describe the vulnerabilit...
CVE-2025-24528
In MIT Kerberos 5 aka krb5 before 1.22 with incremental propagation, there is an integer overflow for a large update size to resize in kdblog.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash...
CVE-2025-24528
In MIT Kerberos 5 aka krb5 before 1.22 with incremental propagation, there is an integer overflow for a large update size to resize in kdblog.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash...
Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2025-1745)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2025:20303-1 Security update for krb5
This update for krb5 fixes the following issues: - CVE-2025-24528: Prevent overflow when calculating ulog block size. An authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash; bsc1236619...
EulerOS 2.0 SP11 : krb5 (EulerOS-SA-2025-1361)
According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped...
Security update for krb5
This update for krb5 fixes the following issues: CVE-2025-24528: Prevent overflow when calculating ulog block size. An authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash bsc1236619. Patch Instructions: To...
SUSE-SU-2025:20153-1 Security update for krb5
This update for krb5 fixes the following issues: - CVE-2025-24528: Prevent overflow when calculating ulog block size. An authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash bsc1236619...
USN-7314-1 krb5 vulnerabilities
It was discovered that Kerberos incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause Kerberos to consume memory,leading to a denial of service. CVE-2024-26458, CVE-2024-26461 It was discovered that Kerberos incorrectly handled certain memory...
OESA-2025-1135 krb5 security update
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Security Fixes: In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to...
UBUNTU-CVE-2025-24528
In MIT Kerberos 5 aka krb5 before 1.22 with incremental propagation, there is an integer overflow for a large update size to resize in kdblog.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash...