2266731 – (CVE-2024-26458) CVE-2024-26458 krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c

Bug 2266731 (CVE-2024-26458) - CVE-2024-26458 krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c

Summary: CVE-2024-26458 krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c

Keywords:
Status:	NEW
Alias:	CVE-2024-26458
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2266732
Blocks:	2266745
TreeView+	depends on / blocked

Reported:	2024-02-28 20:58 UTC by Pedro Sampaio
Modified:	2024-04-12 23:59 UTC (History)
CC List:	35 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2024-02-28 20:58:55 UTC

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

References:

https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md

Comment 1 Pedro Sampaio 2024-02-28 20:59:09 UTC

Created krb5 tracking bugs for this issue:

Affects: fedora-all [bug 2266732]

Note You need to log in before you can comment on or make changes to this bug.

aarif
agarcial
aoconnor
aprice
asegurap
bdettelb
caswilli
dfreiber
dhalasz
dkuc
drow
fjansen
hkataria
jburrell
jmitchel
jsamir
jsherril
jtanner
kaycoth
kshier
luizcosta
mpierce
nweather
omaciel
orabin
psegedy
sidakwo
stcannon
sthirugn
vkrizan
vkumar
vmugicag
xiaoxwan
yguenane
zzhou