IM
IronMonkey Threat Research

CVE-2024-37371 CRITICAL

Published: 2024-06-28 | Last Modified: 2026-05-12 | Status: Modified

Description

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.

Additional Descriptions (1)

En MIT Kerberos 5 (también conocido como krb5) anterior a 1.21.3, un atacante puede provocar lecturas de memoria no válidas durante el manejo de tokens de mensajes GSS al enviar tokens de mensajes con campos de longitud no válidos.

CVSS Metrics

Base Score: 9.1 (CRITICAL)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactHIGH
Integrity ImpactNONE
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 5.2

Weaknesses

Source Type Description
[email protected] Primary
en NVD-CWE-Other
134c704f-9b21-4f2e-91b3-4a467353bcc0 Secondary
en CWE-125

Affected Products

Vendor Product Version Update Type
mit kerberos_5 * <built-in method update of dict object at 0x702bdc9f4280> Application
debian debian_linux 11.0 <built-in method update of dict object at 0x702bdc9f7080> Operating System
debian debian_linux 12.0 <built-in method update of dict object at 0x702bdc9f5980> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
Notification
Message here