VDB
DEBIAN-CVE-2025-24528
PUBLISHED
CVSS 7.1 HIGH
In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.
Risk Scores
- CVSS 3.1 base score: 7.1 (HIGH)
- Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | krb5 | 0, 1.20.1-2, 1.20.1-2+deb12u1 |
| Debian:13 | krb5 | 0, 0 |
| Debian:14 | krb5 | 0, 0 |
| Debian:11 | krb5 | 1.18.3-6, 0, 1.18.3-6 |
Exploit Intelligence
- ghost_report_20260112_192608.json (github-poc)
- ghost_report_20260112_175243.json (github-poc)
- ghost_report_20260112_182220.json (github-poc)
- ghost_report_20260113_010235.json (github-poc)
- ghost_report_20260112_182638.json (github-poc)
Timeline
- Jan 16, 2026 CVE Published
- Apr 28, 2026 CVE Updated