CVE-2025-24528
HIGH7.1EPSS 0.21%krb5 - security update
發布日:2026/1/16修改日:2026/4/28
描述
In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.
受影響套件(2)
- Debian/krb5from 0, < 1.18.3-6+deb11u6
- Debian/krb5from 0, < 1.18.3-6+deb11u6
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.1 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H |