CVE Vulnerabilities

CVE-2025-24528

This vulnerability is marked as RESERVED by NVD. This means that the CVE-ID has been reserved by a CVE Numbering Authority (CNA) or a security researcher for future use, but the details of the vulnerability are not yet publicly available.

This page will reflect the classification results once they are available through NVD.

Any vendor information that is available is shown below.

Redhat

krb5: overflow when calculating ulog block size

Affected Software List

Name                                                   Vendor  Version
Red Hat Enterprise Linux 7 Extended Lifecycle Support  RedHat  krb5-0:1.15.1-55.el7_9.4
Red Hat Enterprise Linux 8                             RedHat  krb5-0:1.18.2-31.el8_10
Red Hat OpenShift distributed tracing 3.5              RedHat  registry.redhat.io/rhosdt/opentelemetry-collector-rhel8:sha256:92613ae031dd45d85151ff1bd0703ee6bbc6842133cdc51b274769122ea40ac8
Red Hat OpenShift distributed tracing 3.5              RedHat  registry.redhat.io/rhosdt/opentelemetry-rhel8-operator:sha256:ffd6b70068dd4d6bf7a835c0bbf5b934f26ff2b0f5755130dccb099340550083
Red Hat OpenShift distributed tracing 3.5              RedHat  registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8:sha256:cced4191c3e84f44eca2ed486592c473f97fd5cd0941edb9d216051802dad3f7

Ubuntu

In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.
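The description above says the overflow is reachable only when incremental propagation (iprop) is enabled, because that is what makes kadmind maintain the iprop update log. The first thing an operator therefore wants to know is whether any realm on a KDC actually has iprop turned on, and which kadmind package version is installed so it can be compared with the fixed versions in the vendor tables. The shell script below is an added example, not code from the advisory, from Ubuntu, Red Hat or the MIT krb5 project. It assumes the standard kdc.conf profile layout (a [realms] section with one "REALM = { ... }" stanza per realm and the MIT iprop_enable setting), the usual kdc.conf locations on Debian/Ubuntu (/etc/krb5kdc/kdc.conf) and RHEL (/var/kerberos/krb5kdc/kdc.conf), and the package names krb5-admin-server (Debian/Ubuntu) and krb5-server (RHEL) for kadmind. The realm names, paths and the sample kdc.conf are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the advisory or MIT krb5): does this KDC have iprop enabled,
# and which kadmind package is installed? Only iprop-enabled realms are exposed to
# CVE-2025-24528, since kadmind only writes the iprop ulog when iprop is on.

# Constructed sample kdc.conf so the check can be exercised offline; realm names and
# paths are made up. On a real KDC point the functions at the live file instead
# (/etc/krb5kdc/kdc.conf on Debian/Ubuntu, /var/kerberos/krb5kdc/kdc.conf on RHEL).
SAMPLE_KDC_CONF="$(mktemp)"
cat > "$SAMPLE_KDC_CONF" <<'EOF'
# constructed sample, not a real deployment
[kdcdefaults]
    kdc_ports = 88

[realms]
    EXAMPLE.COM = {
        database_name = /var/lib/krb5kdc/principal
        iprop_enable = true
        iprop_logfile = /var/lib/krb5kdc/principal.ulog
    }
    LAB.EXAMPLE.COM = {
        iprop_enable = false
    }
    NOIPROP.EXAMPLE.COM = {
        max_life = 10h 0m 0s
    }
EOF

# iprop_enabled_realms FILE
# Print, one per line, every realm in the [realms] section whose stanza sets
# iprop_enable to a true value. Realms where it is false or unset are not exposed.
iprop_enabled_realms() {
    awk '
        /^[ \t]*#/ { next }                                   # profile comment lines
        /^[ \t]*\[/ { section = $0; gsub(/[^A-Za-z_]/, "", section); next }
        section != "realms" { next }                           # only [realms] matters
        /=[ \t]*\{/ { realm = $1; next }                       # "REALM = {" opens a stanza
        /^[ \t]*iprop_enable[ \t]*=/ {
            val = tolower($NF)
            if (val == "true" || val == "yes" || val == "1") print realm
        }
    ' "$1"
}

# kdc_exposed FILE
# Return 0 (true) when at least one realm has iprop enabled, 1 otherwise.
kdc_exposed() {
    [ -n "$(iprop_enabled_realms "$1")" ]
}

# installed_kadmind_version
# Best-effort lookup of the package that ships kadmind, for comparison by hand with
# the fixed versions listed in the vendor tables. Prints "unknown" when the package
# or the package manager is not present, so the script still runs anywhere.
installed_kadmind_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}\n' krb5-admin-server 2>/dev/null || echo unknown
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}\n' krb5-server 2>/dev/null || echo unknown
    else
        echo unknown
    fi
}

if kdc_exposed "$SAMPLE_KDC_CONF"; then
    echo "iprop enabled for: $(iprop_enabled_realms "$SAMPLE_KDC_CONF" | tr '\n' ' ')"
    echo "kadmind package version: $(installed_kadmind_version)"
else
    echo "no realm has iprop enabled; CVE-2025-24528 does not apply to this KDC"
fi
```

With the constructed sample only EXAMPLE.COM is reported, since LAB.EXAMPLE.COM disables iprop explicitly and NOIPROP.EXAMPLE.COM never sets it. A realm that does report as enabled is the one whose kadmind is worth patching first; the realms without iprop can keep running the same binary without being reachable through this bug, although the package should still be updated.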

Affected Software List

Name  Vendor                          Version
Krb5  Ubuntu/esm-infra-legacy/trusty  TBD
Krb5  Ubuntu/esm-infra/bionic         TBD
Krb5  Ubuntu/esm-infra/xenial         TBD
Krb5  Ubuntu/focal                    1.17-6ubuntu4.9
Krb5  Ubuntu/jammy                    1.19.2-2ubuntu0.6
Krb5  Ubuntu/upstream                 TBD
Krb5  Ubuntu/devel                    1.21.3-4ubuntu2
Krb5  Ubuntu/noble                    1.20.1-6ubuntu2.5
Krb5  Ubuntu/oracular                 1.21.3-3ubuntu0.2