CVE-2024-37370
Published 2024-06-28
Priority P3 · 39 · high · CVSS 3.1: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.75% (50.3th percentile)
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.20.1-2+deb12u2 (bookworm) | krb5 1.20.1-2+deb12u2 (bookworm) |
| mit | kerberos_5 | < 1.21.3 | 1.21.3 |
| mit | krb5 | >= 0 < 1.18.3-6+deb11u5 | 1.18.3-6+deb11u5 |
| mit | krb5 | >= 0 < 1.20.1-2+deb12u2 | 1.20.1-2+deb12u2 |
| mit | krb5 | >= 0 < 1.21.3-1 | 1.21.3-1 |
| mit | krb5 | >= 0 < 1.21.3-1 | 1.21.3-1 |
| mit | krb5 | >= 0 < 1.17-6ubuntu4.6 | 1.17-6ubuntu4.6 |
| mit | krb5 | >= 0 < 1.19.2-2ubuntu0.4 | 1.19.2-2ubuntu0.4 |
| mit | krb5 | >= 0 < 1.20.1-6ubuntu2.1 | 1.20.1-6ubuntu2.1 |
| mit | krb5 | >= 0 < 1.12+dfsg-2ubuntu5.4+esm5 | 1.12+dfsg-2ubuntu5.4+esm5 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-5ubuntu2.2+esm5 | 1.13.2+dfsg-5ubuntu2.2+esm5 |
| mit | krb5 | >= 0 < 1.16-2ubuntu0.4+esm2 | 1.16-2ubuntu0.4+esm2 |
| msrc | azl3_krb5_1.21.2-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_krb5_1.21.3-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_krb5_1.19.4-3_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
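CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_msrc | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |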
CISA ICS
Siemens SIMATIC S7-1500 CPU Family
cisa_ics·2025-06-12
ICS Advisory
Release Date: June 12, 2025
Alert Code: ICSA-25-162-05
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC S7-1500 CPU family
- Vulnerabilities: Missing Encryption of Sensitive Data, Out-of-bounds Read, Use After Free, Stack-
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2024-08-08·CVSS 7.5
CVE-2024-37371 [HIGH]
Summary: Kerberos could be made to crash if it received specially crafted
input.
It was discovered that Kerberos incorrectly handled GSS message tokens
where an unwrapped token could appear to be truncated. An attacker
could possibly use this issue to cause a denial of service.
(CVE-2024-37370)
It was discovered that Kerberos incorrectly handled GSS message tokens
when sent a token with invalid length fields. An attacker could possibly
use this issue to cause a denial of service. (CVE-2024-37371)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
krb5: GSS message token handling
vendor_redhat·2024-06-27·CVSS 7.5
CVE-2024-37370 [HIGH]
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.
A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application. This occurs when the attacker alters the token data during transmission, which can lead to improper handling of authentication tokens.
Statement: This vulnerability has the ability to disrupt the authentication process; attackers are able to alter the token data during transmission, which leads to disruption in service, and an attacker can void the integrity by alte
Microsoft
vendor_msrc·2024-06-11·CVSS 7.5
CVE-2024-37370 [HIGH]
In MIT Kerberos 5 (aka krb5) before 1.21.3 an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token causing the unwrapped token to appear truncated to the application.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update
Debian
CVE-2024-37370: krb5
vendor_debian·2024·CVSS 7.5
CVE-2024-37370 [HIGH]
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.
Scope: local
bookworm: resolved (fixed in 1.20.1-2+deb12u2)
bullseye: resolved (fixed in 1.18.3-6+deb11u5)
forky: resolved (fixed in 1.21.3-1)
sid: resolved (fixed in 1.21.3-1)
trixie: resolved (fixed in 1.21.3-1)
OSV
krb5 vulnerabilities
osv·2024-08-08·CVSS 7.5
CVE-2024-37370 [HIGH]
It was discovered that Kerberos incorrectly handled GSS message tokens
where an unwrapped token could appear to be truncated. An attacker
could possibly use this issue to cause a denial of service.
(CVE-2024-37370)
It was discovered that Kerberos incorrectly handled GSS message tokens
when sent a token with invalid length fields. An attacker could possibly
use this issue to cause a denial of service. (CVE-2024-37371)
GHSA
GHSA-wvrw-2fv8-cjvx
ghsa_unreviewed·2024-06-29
CVE-2024-37370 [HIGH] CWE-345
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.
OSV
CVE-2024-37370
osv·2024-06-28·CVSS 7.5
CVE-2024-37370 [HIGH]
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2024-37370 krb5: GSS message token handling
bugzilla·2024-06-28·CVSS 7.5
CVE-2024-37370 [HIGH]
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.
Reference and upstream patch:
https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef
Discussion:
Created krb5 tracking bugs for this issue:
Affects: fedora-all [bug 2294678]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
Via RHSA-2024:4734 https://access.redhat.com/errata/RHSA-2024:4734
---
This issue
Wiz
CVE-2025-24528 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.1
CVE-2025-24528 [HIGH]
## CVE-2025-24528: Kerberos vulnerability analysis and mitigation
In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.
Source: NVD
Score: 7.1
Published: January 16, 2026
Severity: HIGH
CNA Score: 7.1
Affected Technologies: Kerberos, Rocky Linux
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 42.9
Exploitation Probability (EPSS): 0.2
Affected packages and libraries
crypto-policies
krb5-plugin-preauth-otp
Sources
NVD
AlmaLinux 8 Severity MEDIUM Has Fix Added at: Mar 19, 2025
AlmaLinux 9 Severity MEDI
https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef
https://web.mit.edu/kerberos/www/advisories/
https://security.netapp.com/advisory/ntap-20241108-0007/
https://cert-portal.siemens.com/productcert/html/ssa-082556.html