CVE-2024-37371

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
28/06/2024
Last modified:
13/03/2025

Description

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:* 1.21.3 (excluding)
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*