CVE-2024-26458

moderate-risk

Published 2024-02-29

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

Do I need to act?

0.25% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

Kerberos 5

Active Iq Unified Manager

Cloud Volumes Ontap Mediator

Management Services For Element Software And Netapp Hci

Ontap 9

Ontap Select Deploy Administration Utility

H610C Firmware

H610S Firmware

H615C Firmware

Mit Netapp

Exploit https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md

Third Party Advisory https://security.netapp.com/advisory/ntap-20240415-0010/

Exploit https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md

Third Party Advisory https://security.netapp.com/advisory/ntap-20240415-0010/

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 1/34 · Minimal

Exposure 15/34 · Moderate