2266742 – (CVE-2024-26462) CVE-2024-26462 krb5: Memory leak at /krb5/src/kdc/ndr.c

Bug 2266742 (CVE-2024-26462) - CVE-2024-26462 krb5: Memory leak at /krb5/src/kdc/ndr.c

Summary: CVE-2024-26462 krb5: Memory leak at /krb5/src/kdc/ndr.c

Keywords:
Status:	NEW
Alias:	CVE-2024-26462
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2266743
Blocks:	2266745
TreeView+	depends on / blocked

Reported:	2024-02-28 21:16 UTC by Pedro Sampaio
Modified:	2025-05-02 15:43 UTC (History)
CC List:	49 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2024:9331	0	None	None	None	2024-11-12 09:32:21 UTC

Description Pedro Sampaio 2024-02-28 21:16:33 UTC

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

References:

https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md

Comment 1 Pedro Sampaio 2024-02-28 21:18:04 UTC

Created krb5 tracking bugs for this issue:

Affects: fedora-all [bug 2266743]

Comment 4 errata-xmlrpc 2024-11-12 09:32:18 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:9331 https://access.redhat.com/errata/RHSA-2024:9331

Note You need to log in before you can comment on or make changes to this bug.

aarif
abokovoy
agarcial
ahrabovs
aoconnor
aprice
asegurap
aucunnin
bdettelb
caswilli
crizzo
dfreiber
dkuc
doconnor
drow
fjansen
hkataria
jburrell
jdobes
jmitchel
jrische
jsamir
jsherril
jtanner
jvasik
kaycoth
kholdawa
kshier
lcouzens
luizcosta
mpierce
mskarbek
mstoklus
nweather
oezr
omaciel
orabin
psegedy
rblanco
sidakwo
stcannon
sthirugn
teagle
vkrizan
vkumar
vmugicag
xiaoxwan
yguenane
zzhou