Bug 2438715 (CVE-2026-25506)
| Summary: | CVE-2026-25506 MUNGE: MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | asoldano, bbaranow, bglick, bmaxwell, brian.stansberry, darran.lofthouse, d.hempston, dosoudil, gmalinko, gotiwari, istudens, ivassile, iweiss, janstey, jgrulich, jhorak, matthew.w.lesko, mosmerov, msvehla, mvyas, nwallace, pberan, pdelbell, pesilva, pjindal, pmackay, ppisar, rstancel, rstepani, s.butcher, smaestri, tom.jenkinson, tpopela, woodard |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://github.com/dun/munge/security/advisories/GHSA-r9cr-jf4v-75gh | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A buffer overflow vulnerability was discovered in the MUNGE authentication daemon (munged). In affected versions, a local attacker can potentially leak secret cryptographic key material from the daemon's memory by sending a specially crafted message with an oversized address field. With the leaked key, an attacker could forge authentication credentials to impersonate any user, potentially escalating privileges in systems that rely on MUNGE for identity verification.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2438832, 2438833, 2438926, 2438927, 2438928, 2438929, 2438930, 2438931, 2438932, 2438933, 2438934 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-02-10 20:03:09 UTC
It looks like this has been patched in v0.5.18 https://github.com/dun/munge/releases/tag/munge-0.5.18 should we expect this to be back ported to RHEL 8.10 which uses v0.5.13? This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:2918 https://access.redhat.com/errata/RHSA-2026:2918 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2026:2923 https://access.redhat.com/errata/RHSA-2026:2923 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:2934 https://access.redhat.com/errata/RHSA-2026:2934 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2026:2949 https://access.redhat.com/errata/RHSA-2026:2949 This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:2954 https://access.redhat.com/errata/RHSA-2026:2954 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Via RHSA-2026:3011 https://access.redhat.com/errata/RHSA-2026:3011 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2026:3012 https://access.redhat.com/errata/RHSA-2026:3012 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2026:3013 https://access.redhat.com/errata/RHSA-2026:3013 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2026:3010 https://access.redhat.com/errata/RHSA-2026:3010 This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:3033 https://access.redhat.com/errata/RHSA-2026:3033 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:3032 https://access.redhat.com/errata/RHSA-2026:3032 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:3034 https://access.redhat.com/errata/RHSA-2026:3034 |