CVE-2024-26461
Published: 29 February 2024
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.
Notes
Author | Note |
---|---|
Priority reason: memory leak only unlikely to be triggered |
|
mdeslaur | per upstream: "The k5sealv3.c leak affects an encoding function, and happens on a bounds check which likely cannot be triggered with any choice of memory-valid API inputs. (The bounds check was itself introduced to quash a different static analysis defect.)" |