Skip to main content

Red Hat CVE-2025-24528

HIGH
Integer Overflow or Wraparound (CWE-190)
2026-01-16 cve@mitre.org
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H
SUSE
HIGH
qualitative
Red Hat
6.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

3
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 16, 2026 - 18:16 nvd
HIGH 7.1

DescriptionCVE.org

In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.

AnalysisAI

In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash. [CVSS 7.1 HIGH]

Technical ContextAI

Classified as CWE-190 (Integer Overflow or Wraparound). In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.

Affected ProductsAI

In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Vendor StatusVendor

SUSE

Severity: High
Product Status
Container bci/dotnet-aspnet:8.0.16-11.6 Container bci/dotnet-aspnet:9.0 Container bci/dotnet-runtime:8.0.16-11.6 Container bci/dotnet-runtime:9.0 Container bci/dotnet-sdk:8.0.16-11.6 Container bci/dotnet-sdk:9.0 Container suse/helm:3.17.3-8.1 Container suse/manager/5.0/x86_64/server-attestation:5.0.3.6.11.3 Container suse/multi-linux-manager/5.1/x86_64/server-attestation:5.1.0.6.20 Image server-attestation-image Affected
Container bci/gcc:latest Container bci/golang:1.23.10-2.7.6 Container bci/golang:1.24.3-openssl-12.1 Container bci/golang:oldstable-openssl-11.6 Container bci/kiwi:9.24.43-10.1 Container bci/nodejs:22.13.1-31.11 Container bci/openjdk-devel:17.0.15.0-7.6 Container bci/openjdk-devel:25.0.1.0-2.1 Container bci/openjdk:17.0.15.0-7.6 Container bci/openjdk:25.0.1.0-2.1 Container bci/php-apache:8.3.19-10.1 Container bci/php-fpm:8.3.19-10.1 Container bci/php:8.3.19-10.1 Container bci/python:3.6.15-2.3 Container bci/ruby:latest Container bci/rust:1.86.0-2.2.6 Container bci/rust:1.87.0-1.3.1 Container containers/apache-tomcat:10.1.34-openjdk11-62.17 Container containers/apache-tomcat:10.1.34-openjdk17-62.17 Container containers/apache-tomcat:10.1.34-openjdk21-62.17 Container containers/apache-tomcat:9.0.98-openjdk11-62.18 Container containers/apache-tomcat:9.0.98-openjdk17-62.18 Container containers/apache-tomcat:9.0.98-openjdk21-62.18 Container containers/apache-tomcat:9.0.98-openjdk8-62.18 Container containers/lmcache-lmstack-router:0.1.6-1.2 Container containers/lmcache-vllm-openai:0.3.2-1.2 Container containers/milvus:2.4.6-7.29 Container containers/ollama:0 Container containers/open-webui-mcpo:0.0.17-1.1 Container containers/open-webui-pipelines:0.20250329.151219-3.2 Container containers/open-webui:0 Container containers/python:3.11.10-44.18 Container containers/python:3.9.21-51.20 Container containers/pytorch:2.5.0-2.1 Container containers/pytorch:2.5.0-nvidia-1.2 Container containers/vllm-openai:0.9.1-1.2 Container private-registry/harbor-core:1.1.0-1.1 Container private-registry/harbor-db:2.12.2-2.16 Container private-registry/harbor-exporter:1.1.0-1.1 Container private-registry/harbor-jobservice:1.1.0-1.1 Container private-registry/harbor-nginx:1.21.5-2.15 Container private-registry/harbor-portal:1.1.0-1.1 Container private-registry/harbor-registry:1.1.0-1.1 Container private-registry/harbor-registryctl:1.1.0-1.1 Container private-registry/harbor-trivy-adapter:1.1.0-1.1 Container private-registry/harbor-valkey:8.0.2-2.17 Container suse/bind:9-36.5 Container suse/git:2 Container suse/hpc/warewulf4-x86_64/sle-hpc-node:15.7.20.5.1 Container suse/kiosk/firefox-esr:esr Container suse/kiosk/pulseaudio:17 Container suse/kiosk/xorg:21 Container suse/manager/5.0/x86_64/proxy-httpd:5.0.4.7.17.1 Container suse/manager/5.0/x86_64/proxy-salt-broker:5.0.4.7.19.1 Container suse/manager/5.0/x86_64/proxy-squid:5.0.4.7.17.1 Container suse/manager/5.0/x86_64/proxy-ssh:5.0.4.7.17.1 Container suse/manager/5.0/x86_64/proxy-tftpd:5.0.4.7.17.1 Container suse/manager/5.0/x86_64/server-hub-xmlrpc-api:5.0.4.6.17.1 Container suse/manager/5.0/x86_64/server-migration-14-16:5.0.4.7.14.1 Container suse/manager/5.0/x86_64/server:5.0.3.7.16.1 Container suse/mariadb-client:10.11 Container suse/mariadb:10.11 Container suse/multi-linux-manager/5.1/x86_64/proxy-httpd:5.1.0.6.27 Container suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker:5.1.0.7.32 Container suse/multi-linux-manager/5.1/x86_64/proxy-squid:5.1.0.6.21 Container suse/multi-linux-manager/5.1/x86_64/proxy-ssh:5.1.0.6.20 Container suse/multi-linux-manager/5.1/x86_64/proxy-tftpd:5.1.0.6.19 Container suse/multi-linux-manager/5.1/x86_64/server-hub-xmlrpc-api:5.1.0.6.21 Container suse/multi-linux-manager/5.1/x86_64/server-migration-14-16:5.1.0.6.27 Container suse/multi-linux-manager/5.1/x86_64/server-postgresql:5.1.2.6.13.1 Container suse/multi-linux-manager/5.1/x86_64/server-saline:5.1.2.9.13.1 Container suse/multi-linux-manager/5.1/x86_64/server:5.1.0.6.40 Container suse/nginx:1.21-51.19 Container suse/pcp:6 Container suse/postgres:16.9-13.5 Container suse/postgres:18.1-61.1 Container suse/registry:2.8 Container suse/rmt-server:2.21-9.1 Container suse/sles/15.7/cdi-apiserver:1.58.0.27.113 Container suse/sles/15.7/cdi-cloner:1.58.0.28.113 Container suse/sles/15.7/cdi-controller:1.58.0.27.113 Container suse/sles/15.7/cdi-importer:1.58.0.29.83 Container suse/sles/15.7/cdi-operator:1.58.0.27.113 Container suse/sles/15.7/cdi-uploadproxy:1.58.0.27.113 Container suse/sles/15.7/cdi-uploadserver:1.58.0.28.126 Container suse/sles/15.7/libguestfs-tools:1.5.0 Container suse/sles/15.7/pr-helper:1.5.0.22.9 Container suse/sles/15.7/virt-api:1.5.0 Container suse/sles/15.7/virt-controller:1.5.0 Container suse/sles/15.7/virt-exportproxy:1.5.0 Container suse/sles/15.7/virt-exportserver:1.5.0 Container suse/sles/15.7/virt-handler:1.5.0 Container suse/sles/15.7/virt-launcher:1.5.0 Container suse/sles/15.7/virt-operator:1.5.0 Container suse/stunnel:5.70-61.1 Container suse/valkey:8.0.2-37.12 Container trento/trento-wanda:1.5.0-build1.29.1 Container trento/trento-web:2.5.0-build4.52.1 Image SLES15-SP6-CHOST-BYOS Image SLES15-SP6-CHOST-BYOS-Aliyun Image SLES15-SP6-CHOST-BYOS-Azure Image SLES15-SP6-CHOST-BYOS-EC2 Image SLES15-SP6-CHOST-BYOS-GCE Image SLES15-SP6-CHOST-BYOS-GDC Image SLES15-SP6-CHOST-BYOS-SAP-CCloud Image SLES15-SP7-CHOST-BYOS-Aliyun Image SLES15-SP7-CHOST-BYOS-Azure Image SLES15-SP7-CHOST-BYOS-EC2 Image SLES15-SP7-CHOST-BYOS-GCE Image SLES15-SP7-CHOST-BYOS-GDC Image SLES15-SP7-CHOST-BYOS-SAP-CCloud Image ai_15_6 Image pr_15_6 Image pr_15_7 Image proxy-httpd-image Image proxy-salt-broker-image Image proxy-squid-image Image proxy-ssh-image Image proxy-tftpd-image Image python_15_6 Image server-database-migration-image Image server-hub-xmlrpc-api-image Image server-image Image server-migration-14-16-image Image server-postgresql-image Image server-saline-image Affected
Container suse/389-ds:2.5.3-61.1 Image SLES15-SP6 Image SLES15-SP6-Azure-3P Image SLES15-SP6-Azure-Basic Image SLES15-SP6-Azure-Standard Image SLES15-SP6-BYOS Image SLES15-SP6-BYOS-Azure Image SLES15-SP6-BYOS-EC2 Image SLES15-SP6-BYOS-GCE Image SLES15-SP6-EC2 Image SLES15-SP6-EC2-ECS-HVM Image SLES15-SP6-GCE Image SLES15-SP6-HPC Image SLES15-SP6-HPC-Azure Image SLES15-SP6-HPC-BYOS Image SLES15-SP6-HPC-BYOS-Azure Image SLES15-SP6-HPC-BYOS-EC2 Image SLES15-SP6-HPC-BYOS-GCE Image SLES15-SP6-HPC-EC2 Image SLES15-SP6-HPC-GCE Image SLES15-SP6-Hardened-BYOS Image SLES15-SP6-Hardened-BYOS-Azure Image SLES15-SP6-Hardened-BYOS-EC2 Image SLES15-SP6-Hardened-BYOS-GCE Image SLES15-SP6-SAP-Azure-3P Image SLES15-SP6-SAP-BYOS Image SLES15-SP6-SAP-BYOS-Azure Image SLES15-SP6-SAP-BYOS-EC2 Image SLES15-SP6-SAP-BYOS-GCE Image SLES15-SP6-SAP-Hardened Image SLES15-SP6-SAP-Hardened-Azure Image SLES15-SP6-SAP-Hardened-BYOS Image SLES15-SP6-SAP-Hardened-BYOS-Azure Image SLES15-SP6-SAP-Hardened-BYOS-EC2 Image SLES15-SP6-SAP-Hardened-BYOS-GCE Image SLES15-SP6-SAP-Hardened-EC2 Image SLES15-SP6-SAP-Hardened-GCE Image SLES15-SP7-Azure-3P Image SLES15-SP7-Azure-Basic Image SLES15-SP7-Azure-Standard Image SLES15-SP7-BYOS-Azure Image SLES15-SP7-BYOS-EC2 Image SLES15-SP7-BYOS-GCE Image SLES15-SP7-EC2 Image SLES15-SP7-EC2-ECS-HVM Image SLES15-SP7-GCE Image SLES15-SP7-GCE-3P Image SLES15-SP7-HPC-Azure Image SLES15-SP7-HPC-BYOS-Azure Image SLES15-SP7-HPC-BYOS-EC2 Image SLES15-SP7-HPC-BYOS-GCE Image SLES15-SP7-Hardened-BYOS-Azure Image SLES15-SP7-Hardened-BYOS-EC2 Image SLES15-SP7-Hardened-BYOS-GCE Image SLES15-SP7-SAP-Azure Image SLES15-SP7-SAP-Azure-3P Image SLES15-SP7-SAP-BYOS-Azure Image SLES15-SP7-SAP-BYOS-EC2 Image SLES15-SP7-SAP-BYOS-GCE Image SLES15-SP7-SAP-EC2 Image SLES15-SP7-SAP-GCE Image SLES15-SP7-SAP-GCE-3P Image SLES15-SP7-SAP-Hardened-Azure Image SLES15-SP7-SAP-Hardened-BYOS-Azure Image SLES15-SP7-SAP-Hardened-BYOS-EC2 Image SLES15-SP7-SAP-Hardened-BYOS-GCE Image SLES15-SP7-SAP-Hardened-GCE Affected
Container suse/ltss/sle12.5/sles12sp5:8.5.55 Image SLES12-SP5-EC2-ECS-On-Demand Affected
Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.6 Image SLE-Micro Image SLE-Micro-Azure Image SLE-Micro-BYOS Image SLE-Micro-BYOS-Azure Image SLE-Micro-BYOS-EC2 Image SLE-Micro-BYOS-GCE Image SLE-Micro-EC2 Image SLE-Micro-GCE Affected

Share

CVE-2025-24528 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy