CVE-2024-26458: Medium severity MIT Kerberos 5 vulnerability

Q: What is the severity of CVE-2024-26458?

CVE-2024-26458 has been categorized with a medium severity level due to the nature of the memory leak.

Q: How do I fix CVE-2024-26458?

To fix CVE-2024-26458, update to the latest version of Kerberos 5 that addresses this memory leak.

Q: Which software is affected by CVE-2024-26458?

CVE-2024-26458 affects IBM MQ Operator and supplied MQ Advanced container images within specific version ranges.

Q: What is the impact of CVE-2024-26458?

The impact of CVE-2024-26458 includes memory leaks that could lead to reduced performance or crashes over time.

Q: Is CVE-2024-26458 being actively exploited?

As of the latest information, there are no confirmed reports of active exploitation for CVE-2024-26458.

Published Feb 26, 2024

Updated

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmaprmt.c.

Affected Software

16 affected componentsFixes available

debian/krb5<=1.18.3-6+deb11u5, <=1.18.3-6+deb11u6, <=1.20.1-2+deb12u2, <=1.21.3-4

MIT Kerberos 5=1.21.2

NetApp Active Iq Unified Manager Vmware Vsphere

NetApp Cloud Volumes Ontap Mediator

NetApp Management Services For Element Software And Netapp Hci

NetApp Ontap 9

NetApp ONTAP Select Deploy administration utility

All of the following

NetApp H610c Firmware

NetApp H610c

All of the following

NetApp H610s Firmware

NetApp H610s

All of the following

NetApp H615c Firmware

NetApp H615c

IBM Application Gateway<=23.10 - 25.09

Microsoft cbl2 krb5 1.19.4-3

Patch available

Microsoft azl3 krb5 1.21.3-2

Patch available

Event History

Feb 26, 2024

CVE Published

via MITRE·12:00 AM

Data Sourced

via MITRE·12:00 AM

Description

Feb 28, 2024

Data Sourced

via Red Hat·08:58 PM

DescriptionSeverityAffected Software

Feb 29, 2024

Data Sourced

via NVD·01:44 AM

DescriptionSeverity

Sep 11, 2024

Data Sourced

via Microsoft·07:00 AM

DescriptionSeverityWeakness

Data Sourced

via Microsoft·07:00 AM

Affected Software

Updated

via Microsoft·07:00 AM

Affected Software

Updated

via Microsoft·07:00 AM

Description

Mar 3, 2025

Data Sourced

via Launchpad·06:27 PM

Description

Mar 7, 2025

Data Sourced

via Ubuntu·06:27 PM

RemedyDescriptionSeverityAffected Software

Jan 12, 2026

Data Sourced

via IBM·12:00 AM

DescriptionAffected Software

Parent advisories

This vulnerability appears in the following advisories.

IBM-7256857

Frequently Asked Questions

What is the severity of CVE-2024-26458?

CVE-2024-26458 has been categorized with a medium severity level due to the nature of the memory leak.

How do I fix CVE-2024-26458?

To fix CVE-2024-26458, update to the latest version of Kerberos 5 that addresses this memory leak.

Which software is affected by CVE-2024-26458?

CVE-2024-26458 affects IBM MQ Operator and supplied MQ Advanced container images within specific version ranges.

What is the impact of CVE-2024-26458?

The impact of CVE-2024-26458 includes memory leaks that could lead to reduced performance or crashes over time.

Is CVE-2024-26458 being actively exploited?

As of the latest information, there are no confirmed reports of active exploitation for CVE-2024-26458.

CVE-2024-26458: Medium severity MIT Kerberos 5 vulnerability

Affected Software

Event History

Parent advisories

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2024-26458?

How do I fix CVE-2024-26458?

Which software is affected by CVE-2024-26458?

What is the impact of CVE-2024-26458?

Is CVE-2024-26458 being actively exploited?

Company

Resources

Contact