[krbdev.mit.edu #9159] git commit
Greg Hudson via RT
rt at krbdev.mit.edu
Mon Aug 4 18:32:19 EDT 2025
<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9159 >
Prevent overflow when calculating ulog block size
In kdb_log.c:resize(), log an error and fail if the update size is
larger than the largest possible block size (2^16-1).
CVE-2025-24528:
In MIT krb5 release 1.7 and later with incremental propagation
enabled, an authenticated attacker can cause kadmind to write beyond
the end of the mapped region for the iprop log file, likely causing a
process crash.
[ghudson at mit.edu: edited commit message and added CVE description]
(cherry picked from commit 78ceba024b64d49612375be4a12d1c066b0bfbd0)
https://github.com/krb5/krb5/commit/daa1a9127616c4f50e421038de0b0b93145d74ef
Author: Zoltan Borbely <Zoltan.Borbely at morganstanley.com>
Committer: Greg Hudson <ghudson at mit.edu>
Commit: daa1a9127616c4f50e421038de0b0b93145d74ef
Branch: krb5-1.21
src/lib/kdb/kdb_log.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
More information about the krb5-bugs
mailing list