CVE-2021-37750
published 2021-08-23

Priority: P4 (32), medium, CVSS 3.1 base score 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 2.17% (80.0th percentile)
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. Impact, per the CVSS 3.1 vector: an authenticated client (PR:L) reachable over the network (AV:N) can crash the KDC process, a denial of service (A:H); confidentiality and integrity are not affected (C:N/I:N). A crashed KDC stops issuing tickets for the whole realm until it is restarted, so this is a single-request outage for any principal that can send a TGS-REQ.

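The bug class behind this CVE, as an added illustration that is not krb5's code: a hypothetical TGS-REQ handler substitutes the FAST inner body for the outer request body and then uses the server principal from whichever body it chose. When the inner body omits the server field the pointer is NULL; the vulnerable shape dereferences it, the fixed shape validates the decoded body and returns a protocol error instead. The struct layout, function names, sample requests and the use of the RFC 4120 error number 7 as a stand-in for the library constant are all assumptions made for this example.

```c
/*
 * Added illustration of the CVE-2021-37750 bug class; this is NOT krb5's code.
 * A hypothetical KDC TGS-REQ handler selects the FAST inner body (when the
 * request is FAST-armored) in place of the outer body, then formats the
 * requested server principal. If the inner body omits the server field the
 * pointer is NULL: the vulnerable handler dereferences it, the fixed handler
 * rejects the request first. Types, names and sample data are constructed.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Protocol error number from RFC 4120 section 7.5.9, used here as a stand-in
 * for the library constant a real KDC would return. */
#define KDC_ERR_S_PRINCIPAL_UNKNOWN 7

typedef struct {
    const char *realm;
    const char *name;
} principal;

typedef struct {
    principal *client;  /* absent in a TGS-REQ body; the client comes from the TGT */
    principal *server;  /* service the client wants a ticket for; may be NULL */
    int nonce;
} kdc_req_body;

typedef struct {
    kdc_req_body outer;        /* body seen in the clear */
    kdc_req_body *fast_inner;  /* decrypted FAST inner body, or NULL when no FAST */
} tgs_req;

/* Pick the body the KDC acts on: the FAST inner body replaces the outer one. */
static const kdc_req_body *effective_body(const tgs_req *req)
{
    return req->fast_inner != NULL ? req->fast_inner : &req->outer;
}

/* Vulnerable shape: assumes every body carries a server principal. With a
 * FAST inner body lacking server, body->server is NULL and the dereference
 * below crashes the process. Never call this with such input. */
int handle_tgs_vulnerable(const tgs_req *req, char *out, size_t outlen)
{
    const kdc_req_body *body = effective_body(req);
    snprintf(out, outlen, "%s@%s", body->server->name, body->server->realm);
    return 0;
}

/* Fixed shape: validate the decoded body before touching its fields and fail
 * closed with a protocol error rather than dereferencing NULL. */
int handle_tgs_fixed(const tgs_req *req, char *out, size_t outlen)
{
    const kdc_req_body *body = effective_body(req);
    if (body->server == NULL || body->server->name == NULL ||
        body->server->realm == NULL) {
        if (outlen > 0)
            out[0] = '\0';
        return KDC_ERR_S_PRINCIPAL_UNKNOWN;   /* reject, log, keep serving */
    }
    snprintf(out, outlen, "%s@%s", body->server->name, body->server->realm);
    return 0;
}

int main(void)
{
    /* Constructed sample requests, not captured traffic. */
    principal host = { "EXAMPLE.COM", "host/files.example.com" };
    kdc_req_body inner_ok = { NULL, &host, 1 };
    kdc_req_body inner_no_server = { NULL, NULL, 2 };   /* the CVE trigger shape */
    tgs_req good = { { NULL, &host, 1 }, &inner_ok };
    tgs_req bad  = { { NULL, &host, 2 }, &inner_no_server };
    char buf[128];

    printf("fixed, well-formed inner body: rc=%d server=%s\n",
           handle_tgs_fixed(&good, buf, sizeof buf), buf);
    printf("fixed, inner body without server: rc=%d\n",
           handle_tgs_fixed(&bad, buf, sizeof buf));
    /* handle_tgs_vulnerable(&bad, buf, sizeof buf) would dereference NULL. */
    return 0;
}
```

The outer body in the crafted request is well formed; only the decrypted inner body is missing its server, which is why a check on the outer body alone would not help. The general lesson for any decoder that swaps one parsed structure for another mid-request is to re-validate the substituted structure with the same rules as the original.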
Affected

15 ranges

Vendor            Product                                                             Version range               Fixed in
debian            debian_linux                                                        -                           -
debian            krb5                                                                < krb5 1.18.3-7 (bookworm)  krb5 1.18.3-7 (bookworm)
fedoraproject     fedora                                                              -                           -
mit               kerberos_5                                                          < 1.18.5                    1.18.5
mit               kerberos_5                                                          >= 1.19.0, < 1.19.3         1.19.3
mit               krb5                                                                >= 0, < 1.18.3-6+deb11u1    1.18.3-6+deb11u1
mit               krb5                                                                >= 0, < 1.18.3-7            1.18.3-7
mit               krb5                                                                >= 0, < 1.18.3-7            1.18.3-7
mit               krb5                                                                >= 0, < 1.18.3-7            1.18.3-7
mit               krb5                                                                >= 0, < 1.16-2ubuntu0.4     1.16-2ubuntu0.4
mit               krb5                                                                >= 0, < 1.17-6ubuntu4.3     1.17-6ubuntu4.3
msrc              cbl2_krb5_1.19.3-1_on_cbl_mariner_2.0                               -                           -
msrc              cm1_krb5_1.18.4-1_on_cbl_mariner_1.0                                -                           -
oracle            communications_cloud_native_core_network_slice_selection_function   -                           -
starwindsoftware  starwind_virtual_san                                                -                           -

Rows with "-" list a product as affected without a version range or fixed version on this page. The upstream fix versions are 1.18.5 and 1.19.3; the Debian and Ubuntu rows are distribution packages that carry the fix as a backport, so compare the installed package version, not the upstream version string, on those systems.

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.1     6.5    MEDIUM    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd            v2.0     4.0    MEDIUM    AV:N/AC:L/Au:S/C:N/I:N/A:P
osv            -        7.5    HIGH      -
vendor_ubuntu  -        7.5    HIGH      -
vendor_debian  -        6.5    MEDIUM    -
vendor_msrc    -        6.5    MEDIUM    -
vendor_oracle  -        6.5    MEDIUM    -
vendor_redhat  -        6.5    MEDIUM    -

The 6.5 and 7.5 scores differ only in the privileges-required metric: the NVD vector with PR:N instead of PR:L scores 7.5 under CVSS 3.1. The page does not show the vectors behind the osv and Ubuntu scores, so which assumption they made is not confirmed here.