
9 matches found

Oracle linux
added 2025/12/18 12:0 a.m. | 4 views

python-kdcproxy security update

0.3.2-3.0.1 - Use DNS discovery for declared realms only CVE-2025-59088 Orabug: 38745300 - Fix DoS vulnerability based on unbounded TCP buffering CVE-2025-59089...

CVSS 8.6 | AI score 7 | EPSS 0.00076
Exploits 0
Tenable Nessus
added 2025/12/05 12:0 a.m. | 3 views

Fedora 42 : python-kdcproxy (2025-068c570cbf)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-068c570cbf advisory. - New upstream version 1.1.0 - Use DNS discovery for declared realms only CVE-2025-59088 - Fix DoS vulnerability based on unbounded TCP buffering...

CVSS 8.6 | AI score 5.6 | EPSS 0.00076
Exploits 0 | References 3
Oracle linux
added 2025/11/25 12:0 a.m. | 5 views

python-kdcproxy security update

1.0.0-9 - Use DNS discovery for declared realms only CVE-2025-59088 Resolves: RHEL-122779 - Fix DoS vulnerability based on unbounded TCP buffering CVE-2025-59089 Resolves: RHEL-122778...

CVSS 8.6 | AI score 7.1 | EPSS 0.00076
Exploits 0
Rockylinux
added 2025/11/21 6:13 p.m. | 3 views

python-kdcproxy security update

An update is available for python-kdcproxy. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Python is an interpreted, interactive, object-oriented programming...

CVSS 8.6 | AI score 7 | EPSS 0.00076
Exploits 0
RedHat Linux
added 2025/11/20 8:18 a.m. | 3 views

python-kdcproxy: Remote DoS via unbounded TCP upstream buffering

If an attacker causes kdcproxy to connect to an attacker-controlled KDC server e.g. through server-side request forgery, they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...

CVSS 5.9 | AI score 5.9 | EPSS 0.00075
Exploits 0 | References 6
RedHat Linux
added 2025/11/20 8:5 a.m. | 4 views

python-kdcproxy: Remote DoS via unbounded TCP upstream buffering

If an attacker causes kdcproxy to connect to an attacker-controlled KDC server e.g. through server-side request forgery, they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...

CVSS 5.9 | AI score 5.9 | EPSS 0.00075
Exploits 0 | References 6
Tenable Nessus
added 2025/11/17 12:0 a.m. | 2 views

RHEL 9 : python-kdcproxy (RHSA-2025:21448)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:21448 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

CVSS 8.6 | AI score 5.7 | EPSS 0.00076
Exploits 0 | References 6
Vulnrichment
added 2025/11/12 4:40 p.m. | 2 views

CVE-2025-59089 python-kdcproxy: Remote DoS via unbounded TCP upstream buffering

If an attacker causes kdcproxy to connect to an attacker-controlled KDC server e.g. through server-side request forgery, they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...

CVSS 5.9 | AI score 6.3 | EPSS 0.00075
Exploits 0 | References 17
CVE
added 2025/11/12 4:40 p.m. | 8 views

CVE-2025-59089

CVE-2025-59089 is a DoS in python-kdcproxy caused by unbounded TCP buffering and permissive handling of response chunks, enabling memory/CPU exhaustion when kdcproxy connects to attacker-controlled KDCs. Related issue CVE-2025-59088 concerns SSRF via DNS SRV discovery for realms, allowing probing...

CVSS 5.9 | AI score 6.7 | EPSS 0.00075
Exploits 0 | References 17