CVE-2024-26462
First published: Mon Feb 26 2024(Updated: )
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Storage Defender Resiliency Service | <=2.0.0 - 2.0.9 | |
| debian/krb5 | <=1.20.1-2+deb12u2 | 1.18.3-6+deb11u5 1.18.3-6+deb11u6 1.21.3-4 |
| Kerberos | =1.21.2 | |
| NetApp Active IQ Unified Manager for VMware vSphere | ||
| NetApp ONTAP Mediator | ||
| NetApp Management Services for NetApp HCI | ||
| NetApp ONTAP Select Deploy | ||
| All of | ||
| NetApp H610C | ||
| NetApp H610C Firmware | ||
| All of | ||
| NetApp HCI H610S Firmware | ||
| NetApp H610S Firmware | ||
| All of | ||
| NetApp H615C | ||
| NetApp H615C |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md
- https://security.netapp.com/advisory/ntap-20240415-0012/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2266743
- https://access.redhat.com/errata/RHSA-2024:9331
- https://bugzilla.redhat.com/show_bug.cgi?id=2266742
- https://www.ibm.com/support/pages/node/7178587 (Advisory)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26462
- https://nvd.nist.gov/vuln/detail/CVE-2024-26462
- https://launchpad.net/bugs/cve/CVE-2024-26462
- https://security-tracker.debian.org/tracker/CVE-2024-26462
- https://ubuntu.com/security/CVE-2024-26462
- https://github.com/krb5/krb5/commit/c85894cfb784257a6acb4d77d8c75137d2508f5e
- https://github.com/krb5/krb5/commit/7d0d85bf99caf60c0afd4dcf91b0c4c683b983fe
- https://github.com/krb5/krb5/commit/0c2de238b5bf1ea4578e3933a604c7850905b8be
- https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html
Frequently Asked Questions
What is the severity of CVE-2024-26462?
CVE-2024-26462 is classified as a high-severity memory leak vulnerability in Kerberos 5 version 1.21.2.
How do I fix CVE-2024-26462?
To address CVE-2024-26462, upgrade Kerberos 5 to a version that is not affected by this vulnerability.
What are the potential impacts of CVE-2024-26462?
The memory leak in CVE-2024-26462 can lead to increased memory consumption and potentially affect the performance of affected systems.
Which software versions are affected by CVE-2024-26462?
CVE-2024-26462 affects Kerberos 5 version 1.21.2 and specific versions of IBM Storage Defender - Resiliency Service up to 2.0.9.
Is there a workaround for CVE-2024-26462?
Currently, the best workaround for CVE-2024-26462 is to ensure that any impacted systems are monitored for increased memory usage until a patch can be applied.
- agent/type
- agent/first-publish-date
- agent/author
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/trending
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-26462
- agent/weakness
- agent/severity
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/launchpad-cve
- source/Launchpad
- collector/security-tracker-debian
- source/Debian
- agent/references
- agent/source
- agent/tags
- collector/usn-cve
- source/Ubuntu
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- collector/nvd-cve
- source/NVD
- collector/nvd-api
- vendor/ibm
- canonical/ibm storage defender resiliency service
- version/ibm storage defender resiliency service/2.0.0 - 2.0.9
- package-manager/debian
- vendor/mit
- canonical/kerberos
- version/kerberos/1.21.2
- vendor/netapp
- canonical/netapp active iq unified manager for vmware vsphere
- canonical/netapp ontap mediator
- canonical/netapp management services for netapp hci
- canonical/netapp ontap select deploy
- canonical/netapp h610c
- canonical/netapp h610c firmware
- canonical/netapp hci h610s firmware
- canonical/netapp h610s firmware
- canonical/netapp h615c