CVE-2025-24528
Published 2026-01-16
Priority: P339 · Severity: high · CVSS 3.1 base score: 7.1
CVSS 3.1 vector: AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H
EPSS: 0.61% (44.5th percentile)
In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.
Affected (9 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.20.1-2+deb12u3 (bookworm) | krb5 1.20.1-2+deb12u3 (bookworm) |
| mit | kerberos_5 | >= 1.7 < 1.22 | 1.22 |
| mit | krb5 | >= 0 < 1.18.3-6+deb11u6 | 1.18.3-6+deb11u6 |
| mit | krb5 | >= 0 < 1.20.1-2+deb12u3 | 1.20.1-2+deb12u3 |
| mit | krb5 | >= 0 < 1.21.3-5 | 1.21.3-5 |
| mit | krb5 | >= 0 < 1.21.3-5 | 1.21.3-5 |
| mit | krb5 | >= 0 < 1.17-6ubuntu4.9 | 1.17-6ubuntu4.9 |
| mit | krb5 | >= 0 < 1.19.2-2ubuntu0.6 | 1.19.2-2ubuntu0.6 |
| mit | krb5 | >= 0 < 1.20.1-6ubuntu2.5 | 1.20.1-6ubuntu2.5 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H |
| osv | | 7.1 | HIGH | |
| vendor_debian | | 7.1 | HIGH | |
| vendor_redhat | | 7.1 | HIGH | |
| vendor_ubuntu | | 5.3 | MEDIUM | |
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2025-03-03·CVSS 5.3
CVE-2025-24528 [MEDIUM] Kerberos vulnerabilities
Title: Kerberos vulnerabilities
Summary: Several security issues were fixed in Kerberos.
It was discovered that Kerberos incorrectly handled certain memory
operations. A remote attacker could possibly use this issue to cause
Kerberos to consume memory, leading to a denial of service. (CVE-2024-26458,
CVE-2024-26461)
It was discovered that Kerberos incorrectly handled certain memory
operations. A remote attacker could possibly use this issue to cause
Kerberos to consume memory, leading to a denial of service. This issue only
affected Ubuntu 24.04 LTS. (CVE-2024-26462)
It was discovered that the Kerberos kadmind daemon incorrectly handled log
files when incremental propagation was enabled. An authenticated attacker
could use this issue to cause kadmind to crash, resulting in a denial of
se
Debian
CVE-2025-24528: krb5 - In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there i...
vendor_debian·2025·CVSS 7.1
CVE-2025-24528 [HIGH] CVE-2025-24528: krb5 - In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there i...
In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.
Scope: local
bookworm: resolved (fixed in 1.20.1-2+deb12u3)
bullseye: resolved (fixed in 1.18.3-6+deb11u6)
forky: resolved (fixed in 1.21.3-5)
sid: resolved (fixed in 1.21.3-5)
trixie: resolved (fixed in 1.21.3-5)
Red Hat
krb5: overflow when calculating ulog block size
vendor_redhat·2024-01-28·CVSS 7.1
CVE-2025-24528 [HIGH] CWE-787 krb5: overflow when calculating ulog block size
krb5: overflow when calculating ulog block size
In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.
A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service.
Package: aap-cloud-metrics-collector-container (Red Hat Ansible Automation Platform 2) - Not affected
Package: ansible-automation-platform-24/ee-minimal-rhel8 (Red Hat Ansible Automation Platform 2) - Not affected
Package: ansible-automation-platform-25/ansible
OSV
CVE-2025-24528: In MIT Kerberos 5 (aka krb5) before 1
osv·2026-01-16·CVSS 7.1
CVE-2025-24528 [HIGH] CVE-2025-24528: In MIT Kerberos 5 (aka krb5) before 1
In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.
GHSA
GHSA-wrjh-fhfj-xhfm: In MIT Kerberos 5 (aka krb5) before 1
ghsa_unreviewed·2026-01-16
CVE-2025-24528 [HIGH] CWE-190 GHSA-wrjh-fhfj-xhfm: In MIT Kerberos 5 (aka krb5) before 1
In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.
OSV
krb5 vulnerabilities
osv·2025-03-03·CVSS 5.3
CVE-2024-26458 [MEDIUM] krb5 vulnerabilities
krb5 vulnerabilities
It was discovered that Kerberos incorrectly handled certain memory
operations. A remote attacker could possibly use this issue to cause
Kerberos to consume memory, leading to a denial of service. (CVE-2024-26458,
CVE-2024-26461)
It was discovered that Kerberos incorrectly handled certain memory
operations. A remote attacker could possibly use this issue to cause
Kerberos to consume memory, leading to a denial of service. This issue only
affected Ubuntu 24.04 LTS. (CVE-2024-26462)
It was discovered that the Kerberos kadmind daemon incorrectly handled log
files when incremental propagation was enabled. An authenticated attacker
could use this issue to cause kadmind to crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2025-24528)
No detection rules found.
No public exploits indexed.
Published: 2026-01-16