CVE-2025-24528

ADVISORY - ubuntu

Summary

In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.

Common Weakness Enumeration (CWE)

Impacted images

Advisories

Ubuntu

CREATED

4 months ago

UPDATED

10 days ago

ADVISORY IDCVE-2025-24528⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
ubuntu/krb5	deb	ubuntu	22.04	<1.19.2-2ubuntu0.6	1.19.2-2ubuntu0.6
ubuntu/krb5	deb	ubuntu	24.04	<1.20.1-6ubuntu2.5	1.20.1-6ubuntu2.5
ubuntu/krb5	deb	ubuntu	25.04	<1.21.3-4ubuntu2	1.21.3-4ubuntu2
ubuntu/krb5	deb	ubuntu	24.10	<1.21.3-3ubuntu0.2	1.21.3-3ubuntu0.2
ubuntu/krb5	deb	ubuntu	20.04	<1.17-6ubuntu4.9	1.17-6ubuntu4.9

Severity and metrics

No CVSS data available from this advisory.

Debian

CREATED

4 months ago

UPDATED

4 hours ago

ADVISORY IDCVE-2025-24528⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Alma

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDALSA-2025:2722⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Rocky

CREATED

10 days ago

UPDATED

10 days ago

ADVISORY IDRLSA-2025:2722⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Oracle

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDELSA-2025-1352⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDELSA-2025-2722⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium