Lucene search
K

69 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in krb5

The file “lib/kadm5/kadmrpcxdr.c” in MIT Kerberos 5 also known as krb5 before versions 1.20.2 and 1.21.x before version 1.21.1 exposes an uninitialized pointer. A remotely authenticated user can cause a Kadmind crash. This occurs because the function xdrkadm5principalentrec does not validate the...

6.5CVSS6.8AI score0.02107EPSS
Exploits0References2
OSV
OSV
added 2026/04/13 2:33 p.m.3 views

JLSEC-2026-92

lib/kadm5/kadmrpcxdr.c in MIT Kerberos 5 aka krb5 before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because xdrkadm5principalentrec does not validate the relationship between nkeydata and the keydata array...

6.5CVSS7AI score0.02107EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/01/31 12:0 a.m.4 views

EulerOS Virtualization 2.10.1 : krb5 (EulerOS-SA-2026-1124)

According to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesse...

7.1CVSS5.9AI score0.00606EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/01/21 9:4 a.m.5 views

In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.

...

7.1CVSS5.4AI score0.00606EPSS
Exploits0
OSV
OSV
added 2026/01/16 6:16 p.m.5 views

CVE-2025-24528

In MIT Kerberos 5 aka krb5 before 1.22 with incremental propagation, there is an integer overflow for a large update size to resize in kdblog.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash...

7.1CVSS7.2AI score
Exploits0References3
NVD
NVD
added 2026/01/16 6:16 p.m.3 views

CVE-2025-24528

In MIT Kerberos 5 aka krb5 before 1.22 with incremental propagation, there is an integer overflow for a large update size to resize in kdblog.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash...

7.1CVSS0.00606EPSS
Exploits0References3
OSV
OSV
added 2026/01/16 6:16 p.m.13 views

AZL-74852 CVE-2025-24528 affecting package krb5 for versions less than 1.21.3-3

In MIT Kerberos 5 aka krb5 before 1.22 with incremental propagation, there is an integer overflow for a large update size to resize in kdblog.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash...

7.1CVSS7AI score0.00606EPSS
Exploits0References1
OSV
OSV
added 2026/01/16 6:16 p.m.11 views

AZL-74862 CVE-2025-24528 affecting package krb5 for versions less than 1.19.4-5

In MIT Kerberos 5 aka krb5 before 1.22 with incremental propagation, there is an integer overflow for a large update size to resize in kdblog.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash...

7.1CVSS7AI score0.00606EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/16 5:53 p.m.2 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the resize function in kdblog.c when processing a large update size during incremental propagation. An attacker can cause an out-of-bounds write and crash the kadmind daemon by sending specially crafte...

7.1CVSS7AI score0.00606EPSS
Exploits0References2
CVE
CVE
added 2026/01/16 12:0 a.m.462 views

CVE-2025-24528

CVE-2025-24528 affects MIT Kerberos 5 (krb5) up to but not including 1.22; the issue is an integer overflow in kdb_log.c during a large update resize, which can cause an out-of-bounds write and crash the kadmind daemon after authentication. Public references consistently describe the vulnerabilit...

7.1CVSS7.2AI score0.00606EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/16 12:0 a.m.6 views

CVE-2025-24528

In MIT Kerberos 5 aka krb5 before 1.22 with incremental propagation, there is an integer overflow for a large update size to resize in kdblog.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash...

7.1CVSS5.6AI score0.00606EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/16 12:0 a.m.3 views

CVE-2025-24528

In MIT Kerberos 5 aka krb5 before 1.22 with incremental propagation, there is an integer overflow for a large update size to resize in kdblog.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash...

7.1CVSS6.8AI score0.00606EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/08/06 12:0 a.m.6 views

Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2025-1745)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1CVSS7.2AI score0.00606EPSS
Exploits0References2
OSV
OSV
added 2025/05/08 12:22 p.m.3 views

SUSE-SU-2025:20303-1 Security update for krb5

This update for krb5 fixes the following issues: - CVE-2025-24528: Prevent overflow when calculating ulog block size. An authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash; bsc1236619...

7.1CVSS7.2AI score0.00606EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/04/11 12:0 a.m.7 views

EulerOS 2.0 SP11 : krb5 (EulerOS-SA-2025-1361)

According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped...

7.1CVSS6.8AI score0.00606EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2025/03/19 10:50 a.m.3 views

Security update for krb5

This update for krb5 fixes the following issues: CVE-2025-24528: Prevent overflow when calculating ulog block size. An authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash bsc1236619. Patch Instructions: To...

6.5CVSS7.4AI score0.00606EPSS
Exploits0References4
OSV
OSV
added 2025/03/19 10:42 a.m.5 views

SUSE-SU-2025:20153-1 Security update for krb5

This update for krb5 fixes the following issues: - CVE-2025-24528: Prevent overflow when calculating ulog block size. An authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash bsc1236619...

7.1CVSS7.2AI score0.00606EPSS
Exploits0References3
OSV
OSV
added 2025/03/03 12:40 p.m.5 views

USN-7314-1 krb5 vulnerabilities

It was discovered that Kerberos incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause Kerberos to consume memory,leading to a denial of service. CVE-2024-26458, CVE-2024-26461 It was discovered that Kerberos incorrectly handled certain memory...

7.5CVSS7.1AI score0.01128EPSS
Exploits3References5
OSV
OSV
added 2025/02/14 12:13 p.m.3 views

OESA-2025-1135 krb5 security update

Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Security Fixes: In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to...

7.1CVSS7AI score0.00606EPSS
Exploits0References2
OSV
OSV
added 2025/01/31 12:0 a.m.5 views

UBUNTU-CVE-2025-24528

In MIT Kerberos 5 aka krb5 before 1.22 with incremental propagation, there is an integer overflow for a large update size to resize in kdblog.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash...

7.1CVSS7AI score0.00606EPSS
Exploits0References3
Rows per page
Query Builder