CVE-2025-24528

Publication date 31 January 2025

Last updated 3 March 2025


Ubuntu priority

In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.

Status

Package   Ubuntu Release     Status
krb5      24.10 oracular     Fixed 1.21.3-3ubuntu0.2
krb5      24.04 LTS noble    Fixed 1.20.1-6ubuntu2.5
krb5      22.04 LTS jammy    Fixed 1.19.2-2ubuntu0.6
krb5      20.04 LTS focal    Fixed 1.17-6ubuntu4.9
krb5      18.04 LTS bionic   Needs evaluation
krb5      16.04 LTS xenial   Needs evaluation

Patch details

For informational purposes only. We recommend against cherry-picking updates.

Package Patch details
krb5

References

Related Ubuntu Security Notices (USN)

    • USN-7314-1: Kerberos vulnerabilities (3 March 2025)