CVE-2024-26462

2024-02-2900:00:00

ubuntu.com

cve-2024-26462

kerberos 5

memory leak vulnerability

ndr.c

mdeslaur

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in
/krb5/src/kdc/ndr.c.

Notes

Author	Note
mdeslaur	per upstream: “The ndr.c leak also affects an encoding function, and triggers if the input contains invalid UTF-8. This one might be triggerable by a request (though it may require elevated privilege), but I would not have requested a CVE for it myself.”

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchkrb5< anyUNKNOWN
ubuntu20.04noarchkrb5< anyUNKNOWN
ubuntu22.04noarchkrb5< anyUNKNOWN
ubuntu23.10noarchkrb5< anyUNKNOWN
ubuntu24.04noarchkrb5< anyUNKNOWN
ubuntu14.04noarchkrb5< anyUNKNOWN
ubuntu16.04noarchkrb5< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	krb5	< any	UNKNOWN
ubuntu	20.04	noarch	krb5	< any	UNKNOWN
ubuntu	22.04	noarch	krb5	< any	UNKNOWN
ubuntu	23.10	noarch	krb5	< any	UNKNOWN
ubuntu	24.04	noarch	krb5	< any	UNKNOWN
ubuntu	14.04	noarch	krb5	< any	UNKNOWN
ubuntu	16.04	noarch	krb5	< any	UNKNOWN