CVE-2024-26462Missing Release of Memory after Effective Lifetime in Kerberos 5

CWE-401Missing Release of Memory after Effective Lifetime9 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 93.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MIT Krb5MIT Kerberos 5
Timeline
PublishedFeb 29
Latest updateMar 3

Description

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Debianmit/krb5< 1.20.1-2+deb12u3+2
NVDmit/kerberos_51.21.2

🔴Vulnerability Details

4
OSV
krb5 vulnerabilities2025-03-03
OSV
CVE-2024-26462: Kerberos 5 (aka krb5) 12024-02-29
GHSA
GHSA-rgrc-qmj6-x9mf: Kerberos 5 (aka krb5) 12024-02-29
CVEList
CVE-2024-26462: Kerberos 5 (aka krb5) 12024-02-26

📋Vendor Advisories

4
Ubuntu
Kerberos vulnerabilities2025-03-03
Red Hat
krb5: Memory leak at /krb5/src/kdc/ndr.c2024-02-28
Microsoft
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.2024-02-13
Debian
CVE-2024-26462: krb5 - Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/k...2024
CVE-2024-26462 — MIT Kerberos 5 vulnerability | cvebase