CVE-2024-26458

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md	Exploit
https://security.netapp.com/advisory/ntap-20240415-0010/	Third Party Advisory
https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md	Exploit
https://security.netapp.com/advisory/ntap-20240415-0010/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mit:kerberos_5:1.21.2:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:::::::*
	cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:::::::*
	cpe:2.3:a:netapp:ontap_9:-:::::::*
	cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-02-29 01:44

Updated : 2025-05-23 15:39

NVD link : CVE-2024-26458

Mitre link : CVE-2024-26458

CVE.ORG link : CVE-2024-26458

JSON object : View

Products Affected

mit

kerberos_5

netapp

h615c_firmware
h615c
h610c_firmware
h610s
h610s_firmware
ontap_select_deploy_administration_utility
cloud_volumes_ontap_mediator
h610c
management_services_for_element_software_and_netapp_hci
ontap_9
active_iq_unified_manager

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

{"id": "CVE-2024-26458", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-02-29T01:44:18.780", "references": [{"url": "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", "tags": ["Exploit"], "source": "[email protected]"}, {"url": "https://security.netapp.com/advisory/ntap-20240415-0010/", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20240415-0010/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c."}, {"lang": "es", "value": "Kerberos 5 (tambi\u00e9n conocido como krb5) 1.21.2 contiene una p\u00e9rdida de memoria en /krb5/src/lib/rpc/pmap_rmt.c."}], "lastModified": "2025-05-23T15:39:31.357", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mit:kerberos_5:1.21.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F95920FF-DDA8-4D74-9CFE-81FCD071031D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "vulnerable": true, "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"}, {"criteria": "cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "280AA828-6FA9-4260-8EC1-019423B966E1"}, {"criteria": "cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDAC85F0-93AF-4BE3-AE1A-8ADAF1CDF9AB"}, {"criteria": "cpe:2.3:a:netapp:ontap_9:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD886814-B4A0-4764-9F08-2060601D8E89"}, {"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89612649-BACF-4FAC-9BA4-324724FD93A6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5921A877-18BF-43FE-915C-D226E140ACFC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7296A1F2-D315-4FD5-8A73-65C480C855BE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}