CVE-2025-59089 (CNNVD-202511-1403)

MEDIUM
中文标题:
kdcproxy 安全漏洞
英文标题:
Python-kdcproxy: remote dos via unbounded tcp upstream buffering
CVSS分数: 5.9
发布时间: 2025-11-12 16:40:50
漏洞类型: 其他
状态: PUBLISHED
数据质量分数: 0.40
数据版本: v4
漏洞描述
中文描述:

kdcproxy是latchset开源的一个Python库 kdcproxy存在安全漏洞,该漏洞源于未强制执行TCP响应长度边界,可能导致拒绝服务攻击。

英文描述:

If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copies the entire buffered stream into a new buffer on each recv() call, even when the transfer is incomplete, causing excessive memory allocation and CPU usage. Additionally, kdcproxy accepts incoming response chunks as long as the received data length is not exactly equal to the length indicated in the response header, even when individual chunks or the total buffer exceed the maximum length of a Kerberos message. This allows an attacker to send unbounded data until the connection timeout is reached (approximately 12 seconds), exhausting server memory or CPU resources. Multiple concurrent requests can cause accept queue overflow, denying service to legitimate clients.

CWE类型:
CWE-770
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
latchset kdcproxy - < 1.1.0 - cpe:2.3:a:latchset:kdcproxy:*:*:*:*:*:*:*:*
Red Hat Red Hat Enterprise Linux 10 - - - cpe:/o:redhat:enterprise_linux:10.1
Red Hat Red Hat Enterprise Linux 10.0 Extended Update Support - - - cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support - - - cpe:/o:redhat:rhel_els:7
Red Hat Red Hat Enterprise Linux 8 8 - - cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support 8.2 - - cpe:/a:redhat:rhel_aus:8.2::appstream
Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support 8.4 - - cpe:/a:redhat:rhel_aus:8.4::appstream
Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On 8.4 - - cpe:/a:redhat:rhel_aus:8.4::appstream
Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support 8.6 - - cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service 8.6 - - cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions 8.6 - - cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service 8.8 - - cpe:/a:redhat:rhel_e4s:8.8::appstream
Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions 8.8 - - cpe:/a:redhat:rhel_e4s:8.8::appstream
Red Hat Red Hat Enterprise Linux 9 9 - - cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions 9.0 - - cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions 9.2 - - cpe:/a:redhat:rhel_e4s:9.2::appstream
Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support 9.4 - - cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat Red Hat Enterprise Linux 9.6 Extended Update Support 9.6 - - cpe:/a:redhat:rhel_eus:9.6::appstream
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
RHSA-2025:21138 vendor-advisory
cve.org
访问
RHSA-2025:21139 vendor-advisory
cve.org
访问
RHSA-2025:21140 vendor-advisory
cve.org
访问
RHSA-2025:21141 vendor-advisory
cve.org
访问
RHSA-2025:21142 vendor-advisory
cve.org
访问
RHSA-2025:21448 vendor-advisory
cve.org
访问
RHSA-2025:21748 vendor-advisory
cve.org
访问
RHSA-2025:21806 vendor-advisory
cve.org
访问
RHSA-2025:21818 vendor-advisory
cve.org
访问
RHSA-2025:21819 vendor-advisory
cve.org
访问
RHSA-2025:21820 vendor-advisory
cve.org
访问
RHSA-2025:21821 vendor-advisory
cve.org
访问
RHSA-2025:22982 vendor-advisory
cve.org
访问
无标题 vdb-entry
cve.org
访问
RHBZ#2393958 issue-tracking
cve.org
访问
无标题 OTHER
cve.org
访问
af854a3a-2127-422b-91ae-364da2661108 OTHER
nvd.nist.gov
访问
CVSS评分详情
3.1 (cna)
MEDIUM
5.9
CVSS向量: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
机密性
NONE
完整性
NONE
可用性
HIGH
时间信息
发布时间:
2025-11-12 16:40:50
修改时间:
2025-12-19 15:10:54
创建时间:
2026-01-12 02:12:07
更新时间:
2026-02-05 06:00:27
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2025-59089 2025-12-21 02:11:30 2026-01-12 02:12:07
NVD nvd_CVE-2025-59089 2025-12-10 04:21:26 2026-01-12 02:27:54
CNNVD cnnvd_CNNVD-202511-1403 2026-01-15 01:52:31 2026-01-15 01:52:57
版本与语言
当前版本: v4
主要语言: EN
支持语言:
EN ZH
安全公告
暂无安全公告信息
变更历史
v4 NVD
2026-01-29 06:00:17
references_count: 16 → 17
查看详细变更
  • references_count: 16 -> 17
v3 CNNVD
2026-01-15 01:52:57
vulnerability_type: 未提取 → 其他; cnnvd_id: 未提取 → CNNVD-202511-1403; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 其他
  • cnnvd_id: 未提取 -> CNNVD-202511-1403
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2026-01-12 02:27:54
affected_products_count: 19 → 18; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • affected_products_count: 19 -> 18
  • data_sources: ['cve'] -> ['cve', 'nvd']