CVE-2024-37371
Published: 2024-06-28
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
Priority: P3 49 · critical 9.1 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS: 1.86% (76.6th percentile)
Affected (21 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | krb5 | < krb5 1.20.1-2+deb12u2 (bookworm) | krb5 1.20.1-2+deb12u2 (bookworm) |
| mit | kerberos_5 | < 1.21.3 | 1.21.3 |
| mit | krb5 | >= 0 < 1.18.3-6+deb11u5 | 1.18.3-6+deb11u5 |
| mit | krb5 | >= 0 < 1.20.1-2+deb12u2 | 1.20.1-2+deb12u2 |
| mit | krb5 | >= 0 < 1.21.3-1 | 1.21.3-1 |
| mit | krb5 | >= 0 < 1.21.3-1 | 1.21.3-1 |
| mit | krb5 | >= 0 < 1.17-6ubuntu4.6 | 1.17-6ubuntu4.6 |
| mit | krb5 | >= 0 < 1.19.2-2ubuntu0.4 | 1.19.2-2ubuntu0.4 |
| mit | krb5 | >= 0 < 1.20.1-6ubuntu2.1 | 1.20.1-6ubuntu2.1 |
| mit | krb5 | >= 0 < 1.12+dfsg-2ubuntu5.4+esm5 | 1.12+dfsg-2ubuntu5.4+esm5 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-5ubuntu2.2+esm5 | 1.13.2+dfsg-5ubuntu2.2+esm5 |
| mit | krb5 | >= 0 < 1.16-2ubuntu0.4+esm2 | 1.16-2ubuntu0.4+esm2 |
| msrc | azl3_krb5_1.21.2-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_krb5_1.21.3-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_krb5_1.19.4-3_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
| osv | 9.1 | CRITICAL | — |
| vendor_debian | 9.1 | CRITICAL | — |
| vendor_msrc | 9.1 | CRITICAL | — |
| vendor_oracle | 9.1 | CRITICAL | — |
| vendor_redhat | 9.1 | CRITICAL | — |
| vendor_ubuntu | 7.5 | HIGH | — |
Oracle
Oracle Oracle Communications Applications Risk Matrix: Security (Kerberos) — CVE-2024-37371
vendor_oracle·2025-10-15·CVSS 9.1
CVE-2024-37371 [CRITICAL] Oracle Oracle Communications Applications Risk Matrix: Security (Kerberos) — CVE-2024-37371
Oracle Oracle Communications Applications Risk Matrix: Security (Kerberos) vulnerability
CVE: CVE-2024-37371
CVSS: 9.1
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuoct2025 (OCT 2025)
CISA ICS
Siemens SIMATIC S7-1500 CPU Family
cisa_ics·2025-06-12
Siemens SIMATIC S7-1500 CPU Family
ICS Advisory
Siemens SIMATIC S7-1500 CPU Family
Release Date: June 12, 2025
Alert Code: ICSA-25-162-05
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC S7-1500 CPU family
- Vulnerabilities: Missing Encryption of Sensitive Data, Out-of-bounds Read, Use After Free, Stack-
Oracle
Oracle Oracle Communications Applications Risk Matrix: Platform (Kerberos) — CVE-2024-37371
vendor_oracle·2025-01-15·CVSS 9.1
CVE-2024-37371 [CRITICAL] Oracle Oracle Communications Applications Risk Matrix: Platform (Kerberos) — CVE-2024-37371
Oracle Oracle Communications Applications Risk Matrix: Platform (Kerberos) vulnerability
CVE: CVE-2024-37371
CVSS: 9.1
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2025 (JAN 2025)
Oracle
Oracle Oracle Communications Risk Matrix: Configuration (Kerberos) — CVE-2024-37371
vendor_oracle·2024-10-15·CVSS 9.1
CVE-2024-37371 [CRITICAL] Oracle Oracle Communications Risk Matrix: Configuration (Kerberos) — CVE-2024-37371
Oracle Oracle Communications Risk Matrix: Configuration (Kerberos) vulnerability
CVE: CVE-2024-37371
CVSS: 9.1
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuoct2024 (OCT 2024)
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2024-08-08·CVSS 7.5
CVE-2024-37371 [HIGH] Kerberos vulnerabilities
Title: Kerberos vulnerabilities
Summary: Kerberos could be made to crash if it received specially crafted input.
It was discovered that Kerberos incorrectly handled GSS message tokens
where an unwrapped token could appear to be truncated. An attacker
could possibly use this issue to cause a denial of service.
(CVE-2024-37370)
It was discovered that Kerberos incorrectly handled GSS message tokens
when sent a token with invalid length fields. An attacker could possibly
use this issue to cause a denial of service. (CVE-2024-37371)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
krb5: GSS message token handling
vendor_redhat·2024-06-27·CVSS 9.1
CVE-2024-37371 [CRITICAL] krb5: GSS message token handling
krb5: GSS message token handling
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.
Statement: This issue is classified as a moderate severity vulnerability because, while it allows an attacker to modify the plaintext "Extra Count" field of a GSS krb5 wrap token, the impact is primarily limited to token truncation at the application layer. Thi
Microsoft
In MIT Kerberos 5 (aka krb5) before 1.21.3 an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
vendor_msrc·2024-06-11·CVSS 9.1
CVE-2024-37371 [CRITICAL] In MIT Kerberos 5 (aka krb5) before 1.21.3 an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
In MIT Kerberos 5 (aka krb5) before 1.21.3 an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mari
Debian
CVE-2024-37371: krb5 - In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory...
vendor_debian·2024·CVSS 9.1
CVE-2024-37371 [CRITICAL] CVE-2024-37371: krb5 - In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory...
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
Scope: local
bookworm: resolved (fixed in 1.20.1-2+deb12u2)
bullseye: resolved (fixed in 1.18.3-6+deb11u5)
forky: resolved (fixed in 1.21.3-1)
sid: resolved (fixed in 1.21.3-1)
trixie: resolved (fixed in 1.21.3-1)
OSV
krb5 vulnerabilities
osv·2024-08-08·CVSS 7.5
CVE-2024-37370 [HIGH] krb5 vulnerabilities
krb5 vulnerabilities
It was discovered that Kerberos incorrectly handled GSS message tokens
where an unwrapped token could appear to be truncated. An attacker
could possibly use this issue to cause a denial of service.
(CVE-2024-37370)
It was discovered that Kerberos incorrectly handled GSS message tokens
when sent a token with invalid length fields. An attacker could possibly
use this issue to cause a denial of service. (CVE-2024-37371)
GHSA
GHSA-8wpj-v5qv-3wf4: In MIT Kerberos 5 (aka krb5) before 1
ghsa_unreviewed·2024-06-29
CVE-2024-37371 [CRITICAL] CWE-125 GHSA-8wpj-v5qv-3wf4: In MIT Kerberos 5 (aka krb5) before 1
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
OSV
CVE-2024-37371: In MIT Kerberos 5 (aka krb5) before 1
osv·2024-06-28·CVSS 9.1
CVE-2024-37371 [CRITICAL] CVE-2024-37371: In MIT Kerberos 5 (aka krb5) before 1
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
No detection rules found.
No public exploits indexed.
Qualys
Oracle Critical Patch Update, October 2025 Security Update Review
blogs_qualys·2025-10-23
Oracle Critical Patch Update, October 2025 Security Update Review
## Table of Contents
Qualys QID Coverage
Notable Oracle Vulnerabilities Patched
Oracle released its third quarterly edition of this year’s Critical Patch Update. The update received patches for 374 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products.
In this quarterly Oracle Critical Patch Update, Oracle Communications received the highest number of patches, 73, constituting about 19% of the total patches released. Oracle Communications Applications and Oracle Financial Services Applications followed, with 64 and 33 security patches.
298 of the 374 security patches provided by the October Critical Patch Update (
Qualys
Oracle Critical Patch Update, January 2025 Security Update Review
blogs_qualys·2025-01-23
Oracle Critical Patch Update, January 2025 Security Update Review
## Table of Contents
Qualys QID Coverage
Notable Oracle Vulnerabilities Patched
Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
Rapid Response with Patch Management (PM)
Oracle released its first quarterly edition of this year’s Critical Patch Update, which received patches for 318 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products.
In this quarterly Oracle Critical Patch Update, Oracle Communications received the highest number of patches, 85 constituting about 27% of the total patches released. Oracle MySQL and Oracle Financial Services Applications followed,
Qualys
Oracle Critical Patch Update, October 2024 Security Update Review
blogs_qualys·2024-10-16
Oracle Critical Patch Update, October 2024 Security Update Review
## Table of Contents
Qualys QID Coverage
Notable Oracle Vulnerabilities Patched
Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
Oracle released the last quarterly edition of this year’s Critical Patch Update. The update contains patches for 334 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products.
In this quarterly Oracle Critical Patch Update, Oracle Communications received the highest number of patches, 100 constituting about 30% of the total patches released. Oracle MySQL and Oracle Fusion Middleware followed, with 45 and 32 security patches, respectively.
244
Wiz
CVE-2025-24528 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.1
CVE-2025-24528 [HIGH] CVE-2025-24528 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-24528: Kerberos vulnerability analysis and mitigation
In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.
Source : NVD
Score: 7.1
Published: January 16, 2026
Severity: HIGH
CNA Score: 7.1
Affected Technologies: Kerberos, Rocky Linux
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 42.9
Exploitation Probability (EPSS): 0.2
Affected packages and libraries
crypto-policies
krb5-plugin-preauth-otp
Sources
NVD
AlmaLinux 8 Severity MEDIUM Has Fix Added at: Mar 19, 2025
AlmaLinux 9 Severity MEDI
Bugzilla
CVE-2024-37371 krb5: GSS message token handling
bugzilla·2024-06-28·CVSS 9.1
CVE-2024-37371 [CRITICAL] CVE-2024-37371 krb5: GSS message token handling
CVE-2024-37371 krb5: GSS message token handling
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
Reference and upstream patch:
https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef
Discussion:
Created krb5 tracking bugs for this issue:
Affects: fedora-all [bug 2294680]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
Via RHSA-2024:4734 https://access.redhat.com/errata/RHSA-2024:4734
---
This issue has been addressed in the follo
References:
https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef
https://web.mit.edu/kerberos/www/advisories/
https://security.netapp.com/advisory/ntap-20241108-0009/
https://security.netapp.com/advisory/ntap-20250124-0010/
https://cert-portal.siemens.com/productcert/html/ssa-082556.html
Published: 2024-06-28