High severity (7.1) · OSV Advisory · Published Jan 16, 2026 · Updated Apr 15, 2026
CVE-2025-24528
Description
In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.
Affected products (23)
- Range: <1.22
- osv-coords (21 versions):
  - pkg:rpm/almalinux/krb5-devel (no CPE), range: < 1.18.2-31.el8_10
  - pkg:rpm/almalinux/krb5-libs (no CPE), range: < 1.18.2-31.el8_10
  - pkg:rpm/almalinux/krb5-pkinit (no CPE), range: < 1.18.2-31.el8_10
  - pkg:rpm/almalinux/krb5-server (no CPE), range: < 1.18.2-31.el8_10
  - pkg:rpm/almalinux/krb5-server-ldap (no CPE), range: < 1.18.2-31.el8_10
  - pkg:rpm/almalinux/krb5-workstation (no CPE), range: < 1.18.2-31.el8_10
  - pkg:rpm/almalinux/libkadm5 (no CPE), range: < 1.18.2-31.el8_10
  - pkg:rpm/opensuse/crypto-policies&distro=openSUSE%20Leap%2015.6 (no CPE), range: < 20230920.570ea89-150600.3.3.1
  - pkg:rpm/opensuse/krb5&distro=openSUSE%20Leap%2015.6 (no CPE), range: < 1.20.1-150600.11.8.1
  - pkg:rpm/opensuse/krb5&distro=openSUSE%20Tumbleweed (no CPE), range: < 1.21.3-2.1
  - pkg:rpm/suse/crypto-policies&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 (no CPE), range: < 20230920.570ea89-150600.3.3.1
  - pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 (no CPE), range: < 1.19.2-150300.22.1
  - pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 (no CPE), range: < 1.19.2-150300.22.1
  - pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 (no CPE), range: < 1.19.2-150400.3.15.1
  - pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 (no CPE), range: < 1.19.2-150400.3.15.1
  - pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 (no CPE), range: < 1.20.1-150500.3.12.1
  - pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 (no CPE), range: < 1.20.1-150600.11.8.1
  - pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6 (no CPE), range: < 1.20.1-150600.11.8.1
  - pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5 (no CPE), range: < 1.16.3-46.18.1
  - pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Micro%206.0 (no CPE), range: < 1.20.1-6.1
  - pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Micro%206.1 (no CPE), range: < 1.21.3-slfo.1.1_2.1