What is the severity of CVE-2024-23266?

CVE-2024-23266 is classified as a moderate severity vulnerability affecting the Kerberos v5 PAM module.

How do I fix CVE-2024-23266?

To fix CVE-2024-23266, update your system to macOS Sonoma 14.4, macOS Monterey 12.7.4, or macOS Ventura 13.6.5.

What systems are affected by CVE-2024-23266?

CVE-2024-23266 affects macOS systems including versions 12.0.0 to 12.7.4, 13.0 to 13.6.5, and 14.0 to 14.4.

What type of issue is CVE-2024-23266?

CVE-2024-23266 is an issue where an application may be able to modify protected parts of the file system due to inadequate checks.

Is there a patch available for CVE-2024-23266?

Yes, a patch for CVE-2024-23266 is included in the updated versions of macOS that address this vulnerability.

Vulnerability/
CVE-2024-23266

medium

5.5

CWE

119 20

7/3/2024

8/3/2024

13/2/2025

CVE-2024-23266: Buffer Overflow

First published: Thu Mar 07 2024(Updated: )

Accessibility. A privacy issue was addressed with improved private data redaction for log entries.

Credit: Pedro Tôrres @t0rr3sp3dr0 product-security@apple.com an anonymous researcher Junsung Lee Trend Micro Zero Day InitiativeZhenjiang Zhao pangu teamQianxin CrowdStrike Counter Adversary Operations CrowdStrike Counter Adversary OperationsAmir Bazine CrowdStrike Counter Adversary OperationsKarsten König CrowdStrike Counter Adversary OperationsDohyun Lee @l33d0hyun Lyutoon Mr.R Murray Mike CVE-2024-23235 Xinru Chi Pangu LabCVE-2024-23225 koocola ali yabuz Kirin @Pwnrin Meysam Firouzi @R00tkitsmm Trend Micro Zero Day Initiative @08Tc3wBB JamfCVE-2024-23283 Mickey Jin @patch1t CVE-2023-48795 CVE-2023-51384 CVE-2023-51385 Bohdan Stasiuk @Bohdan_Stasiuk Harsh Tyagi Wojciech Regula SecuRingCVE-2024-23296 Lyra Rebane (rebane2001) Matej Rabzelj CVE-2024-23238 Yiğit Can YILMAZ @yilmazcanyigit luckyu @uuulucky K宝 Fudan UniversityLFY @secsys Fudan UniversityLewis Hardy Bistrit Dahal CVE-2024-23241 CVE-2024-23242 Joshua Jewett @JoshJewett33 Matthew Loewen Deutsche Telekom Security GmbH sponsored by Bundesamt für Sicherheit in der Informationstechnik anbu1024 SecANTPwn2car James Lee @Windowsrcer Johan Carlsson (joaxcar) Georg Felber Marco Squarcina m4yfly with TianGong Team Legendsec at Qi'anxin GroupGuilherme Rambo Best Buddy AppsCsaba Fitzl @theevilbit OffSecCVE-2024-23205 CVE-2022-48554 Marc Newlin SkySafeBrian McNulty Stephan Casas CVE-2024-23291 Clemens Lang Koh M. Nakagawa FFRI Security IncMeng Zhang (鲸落) NorthSeaJubaer Alnazi @h33tjubaer Csaba Fitzl @theevilbit Offensive Security

Affected Software	Affected Version	How to fix
Apple macOS Monterey	<12.7.4	12.7.4
Apple macOS	>=12.0.0<12.7.4
Apple macOS	>=13.0<13.6.5
Apple macOS	>=14.0<14.4
Apple macOS	<14.4	14.4
Apple macOS	<13.6.5	13.6.5
	<12.7.4	12.7.4

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2024-23276
CVE-2024-23227
CVE-2024-23269
CVE-2024-23247
CVE-2024-23218
CVE-2024-23299
CVE-2024-23244
CVE-2024-23270
CVE-2024-23286
CVE-2024-23257
CVE-2024-23234
CVE-2024-23266
CVE-2024-23265
CVE-2024-23225
CVE-2024-23201
CVE-2023-28826
CVE-2024-23264
CVE-2024-23283
CVE-2024-23274
CVE-2024-23268
CVE-2024-23275
CVE-2024-23267
CVE-2024-23216
CVE-2024-23230
CVE-2024-23204
CVE-2024-23245
CVE-2024-23272
CVE-2023-40389
CVE-2024-23291
CVE-2024-27886
CVE-2024-23233
CVE-2024-23288
CVE-2024-23277
CVE-2024-23248
CVE-2024-23249
CVE-2024-23250
CVE-2024-23205
CVE-2022-48554
CVE-2024-23229
CVE-2024-27789
CVE-2024-23253
CVE-2024-23258
CVE-2024-23235
CVE-2024-27853
CVE-2024-23278
CVE-2024-0258
CVE-2024-23279
CVE-2024-23287
CVE-2024-23285
CVE-2024-27809
CVE-2024-27887
CVE-2023-48795
CVE-2023-51384
CVE-2023-51385
CVE-2022-42816
CVE-2023-42853
CVE-2024-27888
CVE-2024-23255
CVE-2024-23294
CVE-2024-23296
CVE-2024-23259
CVE-2024-23273
CVE-2024-23238
CVE-2024-23239
CVE-2024-23290
CVE-2024-23232
CVE-2024-23231
CVE-2024-23292
CVE-2024-23289
CVE-2024-23293
CVE-2024-23241
CVE-2024-23242
CVE-2024-23281
CVE-2024-27792
CVE-2024-23261
CVE-2024-23260
CVE-2024-23246
CVE-2024-23226
CVE-2024-23254
CVE-2024-23263
CVE-2024-23280
CVE-2024-23284
CVE-2024-23203
CVE-2024-23217
CVE-2024-54658
CVE-2024-27859

Frequently Asked Questions

What is the severity of CVE-2024-23266?
CVE-2024-23266 is classified as a moderate severity vulnerability affecting the Kerberos v5 PAM module.
How do I fix CVE-2024-23266?
To fix CVE-2024-23266, update your system to macOS Sonoma 14.4, macOS Monterey 12.7.4, or macOS Ventura 13.6.5.
What systems are affected by CVE-2024-23266?
CVE-2024-23266 affects macOS systems including versions 12.0.0 to 12.7.4, 13.0 to 13.6.5, and 14.0 to 14.4.
What type of issue is CVE-2024-23266?
CVE-2024-23266 is an issue where an application may be able to modify protected parts of the file system due to inadequate checks.
Is there a patch available for CVE-2024-23266?
Yes, a patch for CVE-2024-23266 is included in the updated versions of macOS that address this vulnerability.

agent/first-publish-date
agent/type
agent/severity
collector/apple-support
source/Apple
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/trending
agent/source
collector/nvd-api
source/NVD
agent/software-canonical-lookup-request
agent/event
agent/weakness
agent/last-modified-date
agent/references
agent/author
agent/softwarecombine
agent/tags
agent/description
alias/CVE-2024-23257
alias/CVE-2024-23258
alias/CVE-2024-23286
alias/CVE-2024-23234
alias/CVE-2024-23266
alias/CVE-2024-23235
alias/CVE-2024-23265
alias/CVE-2024-23225
alias/CVE-2024-27853
alias/CVE-2024-23278
alias/CVE-2024-0258
alias/CVE-2024-23279
alias/CVE-2024-23287
alias/CVE-2024-23264
alias/CVE-2024-23285
alias/CVE-2024-27809
alias/CVE-2024-23283
alias/CVE-2024-27887
alias/CVE-2023-48795
alias/CVE-2023-51384
alias/CVE-2023-51385
alias/CVE-2022-42816
alias/CVE-2024-23216
alias/CVE-2024-23267
alias/CVE-2024-23268
alias/CVE-2024-23274
alias/CVE-2023-42853
alias/CVE-2024-23275
alias/CVE-2024-27888
alias/CVE-2024-23255
alias/CVE-2024-23294
alias/CVE-2024-23296
alias/CVE-2024-23259
alias/CVE-2024-23273
alias/CVE-2024-23238
alias/CVE-2024-23239
alias/CVE-2024-23290
alias/CVE-2024-23232
alias/CVE-2024-23231
alias/CVE-2024-23230
alias/CVE-2024-23245
alias/CVE-2024-23292
alias/CVE-2024-23289
alias/CVE-2024-23293
alias/CVE-2024-23241
alias/CVE-2024-23272
alias/CVE-2024-23242
alias/CVE-2024-23281
alias/CVE-2024-27792
alias/CVE-2024-23261
alias/CVE-2024-23260
alias/CVE-2024-23246
alias/CVE-2024-54658
alias/CVE-2024-23226
alias/CVE-2024-27859
alias/CVE-2024-23254
alias/CVE-2024-23263
alias/CVE-2024-23280
alias/CVE-2024-23284
alias/CVE-2024-23248
alias/CVE-2024-23249
alias/CVE-2024-23250
alias/CVE-2024-23299
alias/CVE-2024-23244
alias/CVE-2024-23205
alias/CVE-2022-48554
alias/CVE-2024-23229
alias/CVE-2024-27789
alias/CVE-2024-23253
alias/CVE-2024-23270
alias/CVE-2024-23277
alias/CVE-2024-23247
alias/CVE-2024-23288
alias/CVE-2024-23227
alias/CVE-2024-27886
alias/CVE-2024-23233
alias/CVE-2024-23269
alias/CVE-2024-23276
alias/CVE-2024-23201
alias/CVE-2023-28826
alias/CVE-2024-23204
alias/CVE-2023-40389
alias/CVE-2024-23218
alias/CVE-2024-23203
alias/CVE-2024-23217
vendor/apple
canonical/apple macos monterey
canonical/apple macos
version/apple macos/12.0.0
version/apple macos/13.0
version/apple macos/14.0