Updated: 2026-01-19 03:06:55.080893
Description:
In MIT Kerberos 5 (aka krb5) before 1.22, when incremental propagation (iprop) is enabled, a large update size passed to resize() in kdb_log.c triggers an integer overflow. An authenticated attacker can use this to cause an out-of-bounds write and crash the kadmind daemon.
Links: NIST, CIRCL, RHEL, Ubuntu
| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | MEDIUM | 6.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | krb5 | 1.20.1 | 6.5 | MEDIUM | Released | CLSA-2025:1756110212 | 2025-08-28 01:05:22 | |
| CentOS 7 ELS | krb5 | 1.15.1 | 6.5 | MEDIUM | Ignored | | 2025-12-24 05:19:03 | Exposure is limited to Kerberos admin servers (kadmind) with incremental propagation explicitly enab... |
| CentOS 8.4 ELS | krb5 | 1.18.2-8.3 | 6.5 | MEDIUM | Released | CLSA-2025:1742723370 | 2025-03-24 03:34:05 | |
| CentOS 8.5 ELS | krb5 | 1.18.2-14 | 6.5 | MEDIUM | Released | CLSA-2025:1742662173 | 2025-03-23 03:30:37 | |
| CloudLinux 7 ELS | krb5 | 1.15.1 | 6.5 | MEDIUM | Ignored | | 2025-10-31 01:05:19 | |
| Oracle Linux 7 ELS | krb5 | 1.15.1 | 6.5 | MEDIUM | Released | CLSA-2025:1759506149 | 2025-10-03 21:23:46 | |
| RHEL 7 ELS | krb5 | 1.15.1 | 6.5 | MEDIUM | Released | CLSA-2025:1755791979 | 2025-08-22 01:05:39 | |
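As an added example (not part of this advisory and not code from MIT krb5), the following POSIX shell check applies the scoping rule from the description and the statement column above: kadmind is only in reach of this bug when incremental propagation is explicitly enabled, and only on a build that predates the fix. The fix version 1.22 is taken from the description; the two kdc.conf stanzas are constructed samples, and the path /var/kerberos/krb5kdc/kdc.conf in the usage note is an assumption about where a given distribution keeps kdc.conf.

```shell
#!/bin/sh
# Added example, not code from the advisory or from MIT krb5.
# Scope check for the kdb_log.c resize() overflow: the bug is only reachable
# through kadmind when incremental propagation is enabled, so the first
# question is whether kdc.conf turns it on; the second is whether the build
# predates the upstream fix version the advisory states (1.22). Distribution
# packages backport fixes without changing the version (the errata rows above
# patch 1.15.1, 1.18.2 and 1.20.1), so for packaged krb5 trust the errata
# table rather than the bare version number.

FIX_VERSION=1.22   # upstream fix version as stated in the advisory description

# iprop_enabled FILE -> 0 if FILE contains an uncommented "iprop_enable = true"
# (any section, case-insensitive, spaces around "=" optional), 1 otherwise.
iprop_enabled() {
    awk '
        /^[ \t]*[#;]/ { next }   # skip comment lines
        tolower($0) ~ /^[ \t]*iprop_enable[ \t]*=[ \t]*true/ { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# version_before VER FIX -> 0 if dotted VER sorts numerically before FIX,
# 1 otherwise (equal versions are not "before").
version_before() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xa = (i <= na) ? x[i] + 0 : 0
            yb = (i <= nb) ? y[i] + 0 : 0
            if (xa < yb) exit 0
            if (xa > yb) exit 1
        }
        exit 1
    }'
}

# assess FILE VERSION -> prints a verdict; returns 0 when exposed, 1 when not.
assess() {
    if ! iprop_enabled "$1"; then
        echo "not exposed: incremental propagation is not enabled in $1"
        return 1
    fi
    if version_before "$2" "$FIX_VERSION"; then
        echo "EXPOSED: iprop enabled and krb5 $2 predates upstream fix $FIX_VERSION (check distro errata for backports)"
        return 0
    fi
    echo "not exposed: iprop enabled but krb5 $2 is at or past $FIX_VERSION"
    return 1
}

# Constructed sample kdc.conf files for a stand-alone run (not real hosts).
IPROP_CONF=$(mktemp)
PLAIN_CONF=$(mktemp)
cat > "$IPROP_CONF" <<'EOF'
[realms]
    EXAMPLE.COM = {
        database_name = /var/kerberos/krb5kdc/principal
        # iprop_enable = false   (commented out; the live line is below)
        iprop_enable = true
        iprop_port = 754
    }
EOF
cat > "$PLAIN_CONF" <<'EOF'
[realms]
    EXAMPLE.COM = {
        database_name = /var/kerberos/krb5kdc/principal
    }
EOF

# Demo runs; "|| :" keeps a "not exposed" verdict from aborting under set -e.
assess "$IPROP_CONF" 1.21.3 || :   # EXPOSED on an unpatched upstream build
assess "$PLAIN_CONF" 1.21.3 || :   # not exposed: iprop is off
assess "$IPROP_CONF" 1.22   || :   # not exposed: at the fix version
```

On a live KDC, call `assess` with the real kdc.conf path and the version from `krb5-config --version` (it prints "Kerberos 5 release X.Y.Z", so the last field is the version), for example `assess /var/kerberos/krb5kdc/kdc.conf "$(krb5-config --version | awk '{print $NF}')"`. Treat the version half as informative only for upstream builds; for a distribution package, an "EXPOSED" verdict on a host that has the errata above installed is a false positive.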