2266742 – (CVE-2024-26462) CVE-2024-26462 krb5: Memory leak at /krb5/src/kdc/ndr.c

Bug 2266742 (CVE-2024-26462) - CVE-2024-26462 krb5: Memory leak at /krb5/src/kdc/ndr.c

Summary: CVE-2024-26462 krb5: Memory leak at /krb5/src/kdc/ndr.c

Keywords:
Status:	NEW
Alias:	CVE-2024-26462
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2266743
Blocks:	2266745
TreeView+	depends on / blocked

Reported:	2024-02-28 21:16 UTC by Pedro Sampaio
Modified:	2024-04-13 00:09 UTC (History)
CC List:	35 users (show)
Fixed In Version:
Doc Type:	---
Doc Text:	A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2024-02-28 21:16:33 UTC

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

References:

https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md

Comment 1 Pedro Sampaio 2024-02-28 21:18:04 UTC

Created krb5 tracking bugs for this issue:

Affects: fedora-all [bug 2266743]

Note You need to log in before you can comment on or make changes to this bug.

aarif
agarcial
aoconnor
aprice
asegurap
bdettelb
caswilli
dfreiber
dhalasz
dkuc
drow
fjansen
hkataria
jburrell
jmitchel
jsamir
jsherril
jtanner
kaycoth
kshier
luizcosta
mpierce
nweather
omaciel
orabin
psegedy
sidakwo
stcannon
sthirugn
vkrizan
vkumar
vmugicag
xiaoxwan
yguenane
zzhou