CVE-2025-24528
Published: January 30, 2025Last modified: August 21, 2025
Description
In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.1 |
| Attack Vector | NETWORK |
| Attack complexity | HIGH |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | CHANGED |
| Confidentiality | NONE |
| Integrity impact | LOW |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H |
Notes
Fixed by: https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0 in krb5-1.22-beta1
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | krb5 | Fixed (1.20.2-r3) |
| 25 LTS | krb5 | Fixed (1.21.3-r1) | |
| Stream | krb5 | Fixed (1.21.3-r1) |