CVE-2024-26458Missing Release of Memory after Effective Lifetime in Kerberos 5

CWE-401Missing Release of Memory after Effective Lifetime9 documents8 sources
Severity
5.3MEDIUMNVD
EPSS
0.3%
top 51.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MIT Krb5MIT Kerberos 5
Timeline
PublishedFeb 29
Latest updateMar 3

Description

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

Ubuntumit/krb5< 1.17-6ubuntu4.9+2
NVDmit/kerberos_51.21.2

🔴Vulnerability Details

4
OSV
krb5 vulnerabilities2025-03-03
OSV
CVE-2024-26458: Kerberos 5 (aka krb5) 12024-02-29
GHSA
GHSA-qp5h-mm28-4jq3: Kerberos 5 (aka krb5) 12024-02-29
CVEList
CVE-2024-26458: Kerberos 5 (aka krb5) 12024-02-26

📋Vendor Advisories

4
Ubuntu
Kerberos vulnerabilities2025-03-03
Red Hat
krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c2024-02-28
Microsoft
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.2024-02-13
Debian
CVE-2024-26458: krb5 - Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rm...2024
CVE-2024-26458 — MIT Kerberos 5 vulnerability | cvebase