CVE-2024-26461 — Allocation of Resources Without Limits or Throttling in Kerberos 5

CWE-770 — Allocation of Resources Without Limits or Throttling CWE-401 — Missing Release of Memory after Effective Lifetime9 documents8 sources

Severity

7.5HIGHNVD

OSV5.3

EPSS

0.1%

top 76.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Krb5 MIT Kerberos 5

Timeline

PublishedFeb 29

Latest updateMar 3

Description

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶Ubuntumit/krb5< 1.17-6ubuntu4.9+2

▶NVDmit/kerberos_51.21.2

🔴Vulnerability Details

OSV

krb5 vulnerabilities↗2025-03-03

▶

GHSA

GHSA-jc8v-q399-gfq9: Kerberos 5 (aka krb5) 1↗2024-02-29

▶

OSV

CVE-2024-26461: Kerberos 5 (aka krb5) 1↗2024-02-29

▶

CVEList

CVE-2024-26461: Kerberos 5 (aka krb5) 1↗2024-02-26

▶

📋Vendor Advisories

Ubuntu

Kerberos vulnerabilities↗2025-03-03

▶

Red Hat

krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c↗2024-02-28

▶

Microsoft

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.↗2024-02-13

▶

Debian

CVE-2024-26461: krb5 - Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/l...↗2024

▶