Munge

1 CVE for this product

CVE-2026-25506 HIGH PATCH This Week

A buffer overflow in the MUNGE authentication daemon (versions 0.5 to 0.5.17) allows local attackers to extract cryptographic key material from memory, enabling forgery of credentials to impersonate any user on systems relying on MUNGE for authentication. By sending a crafted message with an oversized address length field, an attacker can corrupt the daemon's internal state and retrieve the MAC subkey used for credential verification. The vulnerability affects Debian Linux and other distributions packaging affected MUNGE versions; a patched release, 0.5.18 or later, is available.

Tags: Buffer Overflow, Munge, Debian Linux, Redhat, Suse
References: NVD, GitHub
CVSS 3.1: 7.7
EPSS: 0.0%