{"affected_release": [{"advisory": "RHSA-2025:1352", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "krb5-0:1.15.1-55.el7_9.4", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:2722", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "krb5-0:1.18.2-31.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-03-13T00:00:00Z"}, {"advisory": "RHSA-2025:2789", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8", "package": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8:sha256:12407a15fefa30bb851444d27b00e1815970ae085deca7c17537612ec9e4bff6", "product_name": "Red Hat OpenShift distributed tracing 3.5", "release_date": "2025-03-13T00:00:00Z"}, {"advisory": "RHSA-2025:2789", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8", "package": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator:sha256:7e0320614f3be4e8bb1442d5890d2a6cebaf0a1038599d6afbf50daca91e1d65", "product_name": "Red Hat OpenShift distributed tracing 3.5", "release_date": "2025-03-13T00:00:00Z"}, {"advisory": "RHSA-2025:2789", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8", "package": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8:sha256:cced4191c3e84f44eca2ed486592c473f97fd5cd0941edb9d216051802dad3f7", "product_name": "Red Hat OpenShift distributed tracing 3.5", "release_date": "2025-03-13T00:00:00Z"}], "bugzilla": {"description": "krb5: overflow when calculating ulog block size", "id": "2342796", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342796"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. 
This issue can trigger a process crash and lead to a denial of service."], "name": "CVE-2025-24528", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "aap-cloud-metrics-collector-container", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-24/ee-minimal-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-24/ee-supported-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-25/ansible-builder-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "krb5", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "krb5", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2024-01-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-24528\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-24528\nhttps://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0"], "threat_severity": "Moderate"}