// For flags

CVE-2024-26458

krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c

Severity Score

5.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

Kerberos 5 (también conocido como krb5) 1.21.2 contiene una pérdida de memoria en /krb5/src/lib/rpc/pmap_rmt.c.

A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-02-19 CVE Reserved
  • 2024-02-26 CVE Published
  • 2024-02-27 EPSS Updated
  • 2024-12-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Centos
Search vendor "Centos"
 Centos
Search vendor "Centos" for product "Centos"
*-
Affected
Oracle
Search vendor "Oracle"
 Exadata Dbserver
Search vendor "Oracle" for product "Exadata Dbserver"
*-
Affected
Amazon
Search vendor "Amazon"
 Linux
Search vendor "Amazon" for product "Linux"
*-
Affected
Centos
Search vendor "Centos"
 Centos
Search vendor "Centos" for product "Centos"
*-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
*-
Affected
Opensuse
Search vendor "Opensuse"
 Leap
Search vendor "Opensuse" for product "Leap"
*-
Affected
Oracle
Search vendor "Oracle"
 Linux
Search vendor "Oracle" for product "Linux"
*-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
*-
Affected
Suse
Search vendor "Suse"
 Sle-module-basesystem
Search vendor "Suse" for product "Sle-module-basesystem"
*-
Affected
Suse
Search vendor "Suse"
 Sle-module-server-applications
Search vendor "Suse" for product "Sle-module-server-applications"
*-
Affected
Suse
Search vendor "Suse"
 Sle-sdk
Search vendor "Suse" for product "Sle-sdk"
*-
Affected
Suse
Search vendor "Suse"
 Sle Hpc-espos
Search vendor "Suse" for product "Sle Hpc-espos"
*-
Affected
Suse
Search vendor "Suse"
 Sle Hpc-ltss
Search vendor "Suse" for product "Sle Hpc-ltss"
*-
Affected
Suse
Search vendor "Suse"
 Sle Hpc
Search vendor "Suse" for product "Sle Hpc"
*-
Affected
Suse
Search vendor "Suse"
 Sled
Search vendor "Suse" for product "Sled"
*-
Affected
Suse
Search vendor "Suse"
 Sles-ltss
Search vendor "Suse" for product "Sles-ltss"
*-
Affected
Suse
Search vendor "Suse"
 Sles
Search vendor "Suse" for product "Sles"
*-
Affected
Suse
Search vendor "Suse"
 Sles Sap
Search vendor "Suse" for product "Sles Sap"
*-
Affected
Suse
Search vendor "Suse"
 Suse-manager-proxy
Search vendor "Suse" for product "Suse-manager-proxy"
*-
Affected
Suse
Search vendor "Suse"
 Suse-manager-server
Search vendor "Suse" for product "Suse-manager-server"
*-
Affected