{
  "threat_severity" : "Moderate",
  "public_date" : "2024-01-28T00:00:00Z",
  "bugzilla" : {
    "description" : "krb5: overflow when calculating ulog block size",
    "id" : "2342796",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2342796"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-787",
  "details" : [ "In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.", "A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2025-02-12T00:00:00Z",
    "advisory" : "RHSA-2025:1352",
    "cpe" : "cpe:/o:redhat:rhel_els:7",
    "package" : "krb5-0:1.15.1-55.el7_9.4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-03-13T00:00:00Z",
    "advisory" : "RHSA-2025:2722",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "krb5-0:1.18.2-31.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:7067",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "krb5-0:1.21.1-6.el9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:7067",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "krb5-0:1.21.1-6.el9"
  }, {
    "product_name" : "Red Hat Discovery 1.14",
    "release_date" : "2025-06-02T00:00:00Z",
    "advisory" : "RHSA-2025:8385",
    "cpe" : "cpe:/a:redhat:discovery:1.14::el9",
    "package" : "discovery/discovery-server-rhel9:sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c"
  }, {
    "product_name" : "Red Hat Discovery 1.14",
    "release_date" : "2025-06-02T00:00:00Z",
    "advisory" : "RHSA-2025:8385",
    "cpe" : "cpe:/a:redhat:discovery:1.14::el9",
    "package" : "discovery/discovery-ui-rhel9:sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644"
  }, {
    "product_name" : "Red Hat OpenShift distributed tracing 3.5.1",
    "release_date" : "2025-03-13T00:00:00Z",
    "advisory" : "RHSA-2025:2789",
    "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8",
    "package" : "rhosdt/opentelemetry-collector-rhel8:sha256:12407a15fefa30bb851444d27b00e1815970ae085deca7c17537612ec9e4bff6"
  }, {
    "product_name" : "Red Hat OpenShift distributed tracing 3.5.1",
    "release_date" : "2025-03-13T00:00:00Z",
    "advisory" : "RHSA-2025:2789",
    "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8",
    "package" : "rhosdt/opentelemetry-rhel8-operator:sha256:7e0320614f3be4e8bb1442d5890d2a6cebaf0a1038599d6afbf50daca91e1d65"
  }, {
    "product_name" : "Red Hat OpenShift distributed tracing 3.5.1",
    "release_date" : "2025-03-13T00:00:00Z",
    "advisory" : "RHSA-2025:2789",
    "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8",
    "package" : "rhosdt/opentelemetry-target-allocator-rhel8:sha256:0742729985d0b1ce925bdaaa92c2bb42272902f4c2e93038c0fcf171c7baf03f"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "aap-cloud-metrics-collector-container",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "ansible-automation-platform-24/ee-minimal-rhel8",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "ansible-automation-platform-25/ansible-builder-rhel8",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "ansible-automation-platform-25/ee-supported-rhel8",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "krb5",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "krb5",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Fix deferred",
    "package_name" : "rhcos",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-24528\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-24528\nhttps://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0" ],
  "name" : "CVE-2025-24528",
  "csaw" : false
}