{"id":"CVE-2025-24528","details":"In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.","modified":"2026-04-12T14:04:25.549627Z","published":"2026-01-16T18:16:06.633Z","related":["ALSA-2025:2722","ALSA-2025:7067","MGASA-2025-0072","SUSE-SU-2025:0304-1","SUSE-SU-2025:0343-1","SUSE-SU-2025:0351-1","SUSE-SU-2025:0401-1","SUSE-SU-2025:0822-1","SUSE-SU-2025:20153-1","SUSE-SU-2025:20303-1","openSUSE-SU-2025:14736-1"],"references":[{"type":"WEB","url":"https://github.com/krb5/krb5/compare/krb5-1.21.3-final...krb5-1.22-final"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00029.html"},{"type":"FIX","url":"https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/krb5/krb5","events":[{"introduced":"0"},{"fixed":"969d2be8e235b85905da5e68f310327c0c5cbf1d"},{"fixed":"78ceba024b64d49612375be4a12d1c066b0bfbd0"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.22"}]}}],"versions":["krb5-1.22-beta1"],"database_specific":{"vanir_signatures_modified":"2026-04-12T14:04:25Z","vanir_signatures":[{"target":{"file":"src/lib/kdb/kdb_log.c","function":"store_update"},"id":"CVE-2025-24528-0cfe26f2","source":"https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0","signature_version":"v1","deprecated":false,"signature_type":"Function","digest":{"length":1445,"function_hash":"3074977396827581001495770390110702082"}},{"target":{"file":"src/lib/kdb/kdb_log.c"},"id":"CVE-2025-24528-17fbd852","source":"https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0","signature_version":"v1","deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["154590554652673707349828605560161903427","38046643150627393312854226398159538810","201488786692955641160190718305003551346","66671922444365937749504965048334541871","18298931351466260204586706074694410302","87129781335719589497701724325756588185","241243179489472849136615009784184167606","106044797657459011981902468428296723685","250965463141842428989390824289987919010","138024478688754077917037225803970980723","310955557866091524613144115260040117002"]}},{"target":{"file":"src/lib/kdb/kdb_log.c","function":"resize"},"id":"CVE-2025-24528-d54b7b1a","source":"https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0","signature_version":"v1","deprecated":false,"signature_type":"Function","digest":{"length":559,"function_hash":"140837900817891006527778715455940883371"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24528.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H"}]}