rpm package
almalinux/krb5-xrealmauthz
pkg:rpm/almalinux/krb5-xrealmauthz
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-40356 | Med | 5.9 | | < 1.21.3-10.el10_2 | 1.21.3-10.el10_2 | Apr 28, 2026 | In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possib |
| CVE-2026-40355 | Med | 5.9 | | < 1.21.3-10.el10_2 | 1.21.3-10.el10_2 | Apr 28, 2026 | In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate |