CVE Vulnerabilities

CVE-2025-24528

This vulnerability is marked as RESERVED by NVD. This means that the CVE-ID is reserved for future use by the CVE Numbering Authority (CNA) or a security researcher, but its details are not yet publicly available.

This page will reflect the classification results once they are available through NVD.

Any available vendor information is shown below.

Red Hat

krb5: overflow when calculating ulog block size

Affected Software List

| Name | Vendor | Version |
|---|---|---|
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | RedHat | krb5-0:1.15.1-55.el7_9.4 |
| Red Hat Enterprise Linux 8 | RedHat | krb5-0:1.18.2-31.el8_10 |
| Red Hat Enterprise Linux 9 | RedHat | krb5-0:1.21.1-6.el9 |
| Red Hat Discovery 1.14 | RedHat | discovery/discovery-server-rhel9:sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63 |
| Red Hat Discovery 1.14 | RedHat | discovery/discovery-ui-rhel9:sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644 |
| Red Hat OpenShift distributed tracing 3.5.2 | RedHat | rhosdt/opentelemetry-collector-rhel8:sha256:8b7455c14f26b80006568829343688b50ad1c563d339c35f70eb7d561499bc1c |
| Red Hat OpenShift distributed tracing 3.5.2 | RedHat | rhosdt/opentelemetry-rhel8-operator:sha256:e2375ae72ddda9e05e66972adb7bf953bfbf220dcc8b36d6eb1ab76d9e96ff5d |
| Red Hat OpenShift distributed tracing 3.5.2 | RedHat | rhosdt/opentelemetry-target-allocator-rhel8:sha256:cced4191c3e84f44eca2ed486592c473f97fd5cd0941edb9d216051802dad3f7 |

Ubuntu

In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.

Affected Software List

| Name | Vendor | Version |
|---|---|---|
| Krb5 | Ubuntu/devel | 1.21.3-4ubuntu2 |
| Krb5 | Ubuntu/esm-infra/bionic | TBD |
| Krb5 | Ubuntu/esm-infra/focal | 1.17-6ubuntu4.9 |
| Krb5 | Ubuntu/esm-infra/xenial | TBD |
| Krb5 | Ubuntu/noble | 1.20.1-6ubuntu2.5 |
| Krb5 | Ubuntu/oracular | 1.21.3-3ubuntu0.2 |
| Krb5 | Ubuntu/plucky | 1.21.3-4ubuntu2 |
| Krb5 | Ubuntu/questing | 1.21.3-4ubuntu2 |
| Krb5 | Ubuntu/esm-infra-legacy/trusty | TBD |
| Krb5 | Ubuntu/focal | 1.17-6ubuntu4.9 |
| Krb5 | Ubuntu/jammy | 1.19.2-2ubuntu0.6 |
| Krb5 | Ubuntu/upstream | TBD |