Fixed

LIN1022-12994 : Security Advisory - krb5 - CVE-2025-24528

Created: Jan 29, 2025    Updated: Jan 19, 2026
Resolved Date: Jan 18, 2026
Found In Version: 10.22.33.1
Fix Version: 10.22.33.23
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Userspace

Description

In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.

https://nvd.nist.gov/vuln/detail/CVE-2025-24528