In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash. — CVE-2025-24528

Summary

Advisory CVE-2025-24528. In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize()… Vendor: Microsoft. Source: MSRC. Threat: high. CVSS 7.1. See the official…

What to do

General, cautious steps (verify details in the official source):

• Prioritize patching or mitigation immediately (treat as actively risky).
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

Read the official source

Related advisories

• ASoC: stm32: sai: fix OF node leak on probe CVE-2025-71081
• Bluetooth: btusb: revert use of devm_kzalloc in btusb CVE-2025-71082
• clk: samsung: exynos-clkout: Assign .num before accessing .hws CVE-2025-71143
• CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages CVE-2025-68151
• Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium CVE-2025-15444
• Denial of Service in Keras via Excessive Memory Allocation in HDF5 Metadata CVE-2026-0897
• drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer CVE-2025-71130
• e1000: fix OOB in e1000_tbi_should_accept() CVE-2025-71093
• ethtool: Avoid overflowing userspace buffer on stats query CVE-2025-68795
• f2fs: use global inline_xattr_slab instead of per-sb slab cache CVE-2025-71105
• iavf: fix off-by-one issues in iavf_config_rss_reg() CVE-2025-71087
• In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow. CVE-2025-62291