VDB

DEBIAN-CVE-2025-24528

DEBIAN-CVE-2025-24528 PUBLISHED CVSS 7.099999904632568 HIGH

In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.

Risk Scores

CVSS 3.1
7.099999904632568
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H

Affected Products

VendorProductVersions
Debian:12krb50, 1.20.1-2, 1.20.1-2+deb12u1
Debian:13krb50, 0
Debian:14krb50, 0
Debian:11krb51.18.3-6, 0, 1.18.3-6

Timeline

  • Jan 16, 2026 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›