CVE-2024-26461

moderate-risk

Published 2024-02-29

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

Do I need to act?

0.08% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Kerberos 5

Active Iq Unified Manager

Cloud Volumes Ontap Mediator

Management Services For Element Software And Netapp Hci

Ontap 9

Ontap Select Deploy Administration Utility

H610C Firmware

H610S Firmware

H615C Firmware

Mit Netapp

Exploit https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md

Third Party Advisory https://security.netapp.com/advisory/ntap-20240415-0011/

Exploit https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md

Third Party Advisory https://security.netapp.com/advisory/ntap-20240415-0011/

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 0/34 · Minimal

Exposure 15/34 · Moderate