5.9
CVE-2025-3576
- EPSS 0.05%
- Published 15.04.2025 05:55:26
- Last modified 02.09.2025 10:15:34
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://web.mit.edu/kerberos/
≫
Package
krb5
Default Statusunaffected
Version <
1.22
Version
0
Status
affected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 10
Default Statusaffected
Version <
*
Version
0:1.21.3-8.el10_0
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 8
Default Statusaffected
Version <
*
Version
0:1.18.2-32.el8_10
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 8.2 Advanced Update Support
Default Statusaffected
Version <
*
Version
0:1.17-19.el8_2.3
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Default Statusaffected
Version <
*
Version
0:1.18.2-9.el8_4.3
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
Default Statusaffected
Version <
*
Version
0:1.18.2-9.el8_4.3
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Default Statusaffected
Version <
*
Version
0:1.18.2-16.el8_6.4
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Default Statusaffected
Version <
*
Version
0:1.18.2-16.el8_6.4
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Default Statusaffected
Version <
*
Version
0:1.18.2-16.el8_6.4
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 8.8 Telecommunications Update Service
Default Statusaffected
Version <
*
Version
0:1.18.2-26.el8_8.5
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
Default Statusaffected
Version <
*
Version
0:1.18.2-26.el8_8.5
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 9
Default Statusaffected
Version <
*
Version
0:1.21.1-8.el9_6
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 9
Default Statusaffected
Version <
*
Version
0:1.21.1-8.el9_6
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Default Statusaffected
Version <
*
Version
0:1.19.1-16.el9_0.4
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
Default Statusaffected
Version <
*
Version
0:1.20.1-9.el9_2.3
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 9.4 Extended Update Support
Default Statusaffected
Version <
*
Version
0:1.21.1-2.el9_4.2
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Discovery 2
Default Statusaffected
Version <
*
Version
sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Ansible Automation Platform 2
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Ansible Automation Platform 2
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Ansible Automation Platform 2
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Ansible Automation Platform 2
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Ansible Automation Platform 2
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 6
Default Statusunknown
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 7
Default Statusunknown
VendorRed Hat
≫
Product
Red Hat In-Vehicle Operating System 1
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat OpenShift Container Platform 4
Default Statusaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.138 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| secalert@redhat.com | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
|
CWE-328 Use of Weak Hash
The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).