cbcvebase.
CVE-2024-37371
published 2024-06-28

CVE-2024-37371: In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid…

PriorityP349critical9.1CVSS 3.1
AVNACLPRNUINSUCHINAH
EPSS
1.86%
76.6th percentile
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.

Affected

21 ranges
VendorProductVersion rangeFixed in
debiandebian_linux
debiandebian_linux
debiankrb5< krb5 1.20.1-2+deb12u2 (bookworm)krb5 1.20.1-2+deb12u2 (bookworm)
mitkerberos_5< 1.21.31.21.3
mitkrb5>= 0 < 1.18.3-6+deb11u51.18.3-6+deb11u5
mitkrb5>= 0 < 1.20.1-2+deb12u21.20.1-2+deb12u2
mitkrb5>= 0 < 1.21.3-11.21.3-1
mitkrb5>= 0 < 1.21.3-11.21.3-1
mitkrb5>= 0 < 1.17-6ubuntu4.61.17-6ubuntu4.6
mitkrb5>= 0 < 1.19.2-2ubuntu0.41.19.2-2ubuntu0.4
mitkrb5>= 0 < 1.20.1-6ubuntu2.11.20.1-6ubuntu2.1
mitkrb5>= 0 < 1.12+dfsg-2ubuntu5.4+esm51.12+dfsg-2ubuntu5.4+esm5
mitkrb5>= 0 < 1.13.2+dfsg-5ubuntu2.2+esm51.13.2+dfsg-5ubuntu2.2+esm5
mitkrb5>= 0 < 1.16-2ubuntu0.4+esm21.16-2ubuntu0.4+esm2
msrcazl3_krb5_1.21.2-1_on_azure_linux_3.0
msrcazl3_krb5_1.21.3-1_on_azure_linux_3.0
msrcazure_linux_3.0_arm
msrcazure_linux_3.0_x64
msrccbl2_krb5_1.19.4-3_on_cbl_mariner_2.0
msrccbl_mariner_2.0_arm
msrccbl_mariner_2.0_x64

CVSS provenance

nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
osv9.1CRITICAL
vendor_debian9.1CRITICAL
vendor_msrc9.1CRITICAL
vendor_oracle9.1CRITICAL
vendor_redhat9.1CRITICAL
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.