MIT Kerberos 5
3 CVEs affecting MIT Kerberos 5. Latest disclosed: 2026-04-28. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-24528 | High | 7.1 | 2026-01-16 | In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An auth… |
| CVE-2026-40356 | Medium | 5.9 | 2026-04-28 | In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on… |
| CVE-2026-40355 | Medium | 5.9 | 2026-04-28 | In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mech… |