CVE-2024-26458

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Name	Vendor	Start Version	End Version
Kerberos_5	Mit	1.21.2 (including)	1.21.2 (including)
Red Hat Enterprise Linux 8	RedHat	krb5-0:1.18.2-27.el8_10	*
Red Hat Enterprise Linux 9	RedHat	krb5-0:1.21.1-3.el9	*
Red Hat Enterprise Linux 9	RedHat	krb5-0:1.21.1-3.el9	*
Krb5	Ubuntu	bionic	*
Krb5	Ubuntu	devel	*
Krb5	Ubuntu	esm-infra-legacy/trusty	*
Krb5	Ubuntu	esm-infra/bionic	*
Krb5	Ubuntu	esm-infra/xenial	*
Krb5	Ubuntu	focal	*
Krb5	Ubuntu	jammy	*
Krb5	Ubuntu	mantic	*
Krb5	Ubuntu	noble	*
Krb5	Ubuntu	oracular	*
Krb5	Ubuntu	plucky	*
Krb5	Ubuntu	trusty	*
Krb5	Ubuntu	trusty/esm	*
Krb5	Ubuntu	xenial	*

Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
For example, glibc in Linux provides protection against free of invalid pointers.
When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-26458
CWE	https://cwe.mitre.org/data/definitions/401.html

Missing Release of Memory after Effective Lifetime