CVE-2021-37750NULL Pointer Dereference in Kerberos 5

CWE-476NULL Pointer Dereference10 documents9 sources
Severity
6.5MEDIUMNVD
OSV7.5
EPSS
0.7%
top 27.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
MIT Krb5MIT Kerberos 5Debian Linux+3 more
Timeline
PublishedAug 23
Latest updateMar 16

Description

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

NVDmit/kerberos_51.19.01.19.3+1
Debianmit/krb5< 1.18.3-6+deb11u1+3
Ubuntumit/krb5< 1.16-2ubuntu0.4+1

Also affects: Debian Linux 9.0, Fedora 33

Patches

Patch: github.comPatch: www.oracle.comPatch: github.com

🔴Vulnerability Details

4
OSV
krb5 vulnerabilities2023-03-16
GHSA
GHSA-p36j-vmfc-m4v5: The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 12022-05-24
OSV
CVE-2021-37750: The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 12021-08-23
CVEList
CVE-2021-37750: The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 12021-08-23

📋Vendor Advisories

5
Ubuntu
Kerberos vulnerabilities2023-03-16
Oracle
Oracle Oracle Communications Risk Matrix: NSSF (MIT Kerberos) — CVE-2021-377502022-07-15
Red Hat
krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks server field2021-08-19
Microsoft
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field2021-08-10
Debian
CVE-2021-37750: krb5 - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and...2021
CVE-2021-37750 — NULL Pointer Dereference in Kerberos 5 | cvebase