CVE-2025-24528

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-24528
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-24528.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-24528
Downstream
Related
Published
2026-01-16T18:16:06.633Z
Modified
2026-01-30T02:39:00.667050Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H CVSS Calculator
Summary
[none]
Details

In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.

References

Affected packages

Git / github.com/krb5/krb5

Affected ranges

Type
GIT
Repo
https://github.com/krb5/krb5
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
78ceba024b64d49612375be4a12d1c066b0bfbd0

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "id": "CVE-2025-24528-0cfe26f2",
        "target": {
            "file": "src/lib/kdb/kdb_log.c",
            "function": "store_update"
        },
        "signature_version": "v1",
        "digest": {
            "function_hash": "3074977396827581001495770390110702082",
            "length": 1445.0
        },
        "deprecated": false,
        "source": "https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0"
    },
    {
        "signature_type": "Line",
        "id": "CVE-2025-24528-17fbd852",
        "target": {
            "file": "src/lib/kdb/kdb_log.c"
        },
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "154590554652673707349828605560161903427",
                "38046643150627393312854226398159538810",
                "201488786692955641160190718305003551346",
                "66671922444365937749504965048334541871",
                "18298931351466260204586706074694410302",
                "87129781335719589497701724325756588185",
                "241243179489472849136615009784184167606",
                "106044797657459011981902468428296723685",
                "250965463141842428989390824289987919010",
                "138024478688754077917037225803970980723",
                "310955557866091524613144115260040117002"
            ]
        },
        "deprecated": false,
        "source": "https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0"
    },
    {
        "signature_type": "Function",
        "id": "CVE-2025-24528-d54b7b1a",
        "target": {
            "file": "src/lib/kdb/kdb_log.c",
            "function": "resize"
        },
        "signature_version": "v1",
        "digest": {
            "function_hash": "140837900817891006527778715455940883371",
            "length": 559.0
        },
        "deprecated": false,
        "source": "https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0"
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-24528.json"