CVSS Vector (NVD): CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Description (NVD)
In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.
Analysis (AI)
Integer underflow in MIT Kerberos 5 before version 1.22.3 allows unauthenticated remote attackers to trigger an out-of-bounds read via crafted NegoEx mechanism messages processed by gss_accept_sec_context(), resulting in denial of service through process termination. The vulnerability requires NegoEx to be registered in the system's GSS mechanism configuration (/etc/gss/mech), limiting exposure in default deployments but affecting Kerberos-enabled authentication services where this mechanism is explicitly enabled.
EUVD ID: EUVD-2026-25993