CVE Vulnerabilities

CVE-2025-24528

This vulnerability is marked as RESERVED by NVD. This means that the CVE ID is reserved for future use by the CVE Numbering Authority (CNA) or a security researcher, but its details are not yet publicly available.

This page will reflect the classification results once they are available through NVD.

Any available vendor information is shown below.

Red Hat

krb5: overflow when calculating ulog block size

Affected Software List

| Name | Vendor | Version |
| --- | --- | --- |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | RedHat | krb5-0:1.15.1-55.el7_9.4 |
| Red Hat Enterprise Linux 8 | RedHat | krb5-0:1.18.2-31.el8_10 |
| Red Hat Enterprise Linux 9 | RedHat | krb5-0:1.21.1-6.el9 |
| Red Hat Discovery 1.14 | RedHat | discovery/discovery-server-rhel9:sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63 |
| Red Hat Discovery 1.14 | RedHat | discovery/discovery-ui-rhel9:sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644 |
| Red Hat OpenShift distributed tracing 3.5 | RedHat | rhosdt/opentelemetry-collector-rhel8:sha256:f9ec6952abc11519409299f0dfffae3b520395cc122d1f2cd375d65492c6aed7 |
| Red Hat OpenShift distributed tracing 3.5 | RedHat | rhosdt/opentelemetry-rhel8-operator:sha256:adb1f41e544331b0936c6591edb00c169a9e5a2592c12f6ee55aaab8786ff5ba |
| Red Hat OpenShift distributed tracing 3.5 | RedHat | rhosdt/opentelemetry-target-allocator-rhel8:sha256:0742729985d0b1ce925bdaaa92c2bb42272902f4c2e93038c0fcf171c7baf03f |

Ubuntu

In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.

Affected Software List

| Name | Vendor | Version |
| --- | --- | --- |
| Krb5 | Ubuntu/devel | 1.21.3-4ubuntu2 |
| Krb5 | Ubuntu/esm-infra-legacy/trusty | TBD |
| Krb5 | Ubuntu/esm-infra/bionic | TBD |
| Krb5 | Ubuntu/focal | 1.17-6ubuntu4.9 |
| Krb5 | Ubuntu/noble | 1.20.1-6ubuntu2.5 |
| Krb5 | Ubuntu/oracular | 1.21.3-3ubuntu0.2 |
| Krb5 | Ubuntu/plucky | 1.21.3-4ubuntu2 |
| Krb5 | Ubuntu/questing | 1.21.3-4ubuntu2 |
| Krb5 | Ubuntu/esm-infra/focal | 1.17-6ubuntu4.9 |
| Krb5 | Ubuntu/esm-infra/xenial | TBD |
| Krb5 | Ubuntu/jammy | 1.19.2-2ubuntu0.6 |
| Krb5 | Ubuntu/upstream | TBD |