CVE-2025-59089
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-12

Last updated on: 2026-04-20

Assigner: Red Hat, Inc.

Description
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copies the entire buffered stream into a new buffer on each recv() call, even when the transfer is incomplete, causing excessive memory allocation and CPU usage. Additionally, kdcproxy accepts incoming response chunks as long as the received data length is not exactly equal to the length indicated in the response header, even when individual chunks or the total buffer exceed the maximum length of a Kerberos message. This allows an attacker to send unbounded data until the connection timeout is reached (approximately 12 seconds), exhausting server memory or CPU resources. Multiple concurrent requests can cause accept queue overflow, denying service to legitimate clients.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-12
Last Modified
2026-04-20
Generated
2026-05-07
AI Q&A
2025-11-13
EPSS Evaluated
2026-05-05
NVD
CVE-2025-59089
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
redhat kdcproxy *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs when an attacker tricks kdcproxy into connecting to a malicious KDC server. Because kdcproxy does not limit the size of TCP responses, it repeatedly copies incoming data into new buffers even if the data transfer is incomplete. This behavior leads to excessive memory and CPU usage. The attacker can send unlimited data chunks until the connection times out, exhausting server resources and potentially causing denial of service.


How can this vulnerability impact me? :

The vulnerability can cause denial of service by exhausting server memory and CPU resources. Multiple concurrent exploit attempts can overflow the accept queue, preventing legitimate clients from accessing the service.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart