CVE-2024-37371

Опубликовано: 28 июн. 2024

Источник: debian

Описание

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
krb5	fixed	1.21.3-1		package

Примечания

https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef (krb5-1.21.3-final)

Связанные уязвимости

CVE-2024-37371

CVSS3: 9.1

ubuntu

12 месяцев назад

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.

CVE-2024-37371

CVSS3: 6.5

redhat

12 месяцев назад

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.

CVE-2024-37371

CVSS3: 9.1

nvd

12 месяцев назад

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.

CVE-2024-37371

CVSS3: 9.1

msrc

10 месяцев назад

Описание отсутствует

GHSA-8wpj-v5qv-3wf4

CVSS3: 9.1

github

12 месяцев назад

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.