This vulnerability is marked as RESERVED by NVD. This means that the CVE-ID is reserved for future use by the CVE Numbering Authority (CNA) or a security researcher, but the details of it are not yet publicly available yet.
This page will reflect the classification results once they are available through NVD.
Any vendor information available is shown as below.
krb5: overflow when calculating ulog block size
| Name | Vendor | Version |
|---|---|---|
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | RedHat | krb5-0:1.15.1-55.el7_9.4 |
| Red Hat Enterprise Linux 8 | RedHat | krb5-0:1.18.2-31.el8_10 |
| Red Hat OpenShift distributed tracing 3.5.1 | RedHat | registry.redhat.io/rhosdt/opentelemetry-collector-rhel8:sha256:f9ec6952abc11519409299f0dfffae3b520395cc122d1f2cd375d65492c6aed7 |
| Red Hat OpenShift distributed tracing 3.5.1 | RedHat | registry.redhat.io/rhosdt/opentelemetry-rhel8-operator:sha256:e2375ae72ddda9e05e66972adb7bf953bfbf220dcc8b36d6eb1ab76d9e96ff5d |
| Red Hat OpenShift distributed tracing 3.5.1 | RedHat | registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8:sha256:0742729985d0b1ce925bdaaa92c2bb42272902f4c2e93038c0fcf171c7baf03f |
In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.
| Name | Vendor | Version |
|---|---|---|
| Krb5 | Ubuntu/devel | 1.21.3-4ubuntu2 |
| Krb5 | Ubuntu/esm-infra-legacy/trusty | TBD |
| Krb5 | Ubuntu/esm-infra/bionic | TBD |
| Krb5 | Ubuntu/noble | 1.20.1-6ubuntu2.5 |
| Krb5 | Ubuntu/oracular | 1.21.3-3ubuntu0.2 |
| Krb5 | Ubuntu/plucky | 1.21.3-4ubuntu2 |
| Krb5 | Ubuntu/upstream | TBD |
| Krb5 | Ubuntu/esm-infra/xenial | TBD |
| Krb5 | Ubuntu/focal | 1.17-6ubuntu4.9 |
| Krb5 | Ubuntu/jammy | 1.19.2-2ubuntu0.6 |