PT-2024-1908 · Unknown+8 · Kerberos 5+8

Lumingyin

Published

2024-02-26

Updated

2025-03-25

CVE-2024-26462

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Kerberos 5 (aka krb5) version 1.21.2

Description The issue is related to a memory leak in the /krb5/src/kdc/ndr.c component of the Kerberos 5 implementation. This memory leak vulnerability can be exploited by a remote attacker to cause a denial of service.

Recommendations For Kerberos 5 (aka krb5) version 1.21.2, consider restricting access to the vulnerable component /krb5/src/kdc/ndr.c to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

ALSA-2024:9331

AZL-35480

BDU:2024-01687

CVE-2024-26462

ECHO-F677-6A69-33F8

INFSA-2024_9331

OPENSUSE-SU-2024:13921-1

RHSA-2024:9331

RHSA-2024_9331

SUSE-SU-2024:0997-1

SUSE-SU-2025:20051-1

USN-7314-1

Affected Products

Almalinux

Astra Linux

Debian

Kerberos 5

Linuxmint

Red Hat

Red Os

Suse

Ubuntu

PT-2024-1908 · Unknown+8 · Kerberos 5+8

CVE-2024-26462

Weakness Enumeration

Related Identifiers

Affected Products

References · 50