CVE-2024-37371

Опубликовано: 28 июн. 2024

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 9.1

Описание

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.

Релиз	Статус	Примечание
devel	not-affected	1.21.3-3
esm-infra-legacy/trusty	not-affected	1.12+dfsg-2ubuntu5.4+esm5
esm-infra/bionic	released	1.16-2ubuntu0.4+esm2
esm-infra/focal	not-affected	1.17-6ubuntu4.6
esm-infra/xenial	released	1.13.2+dfsg-5ubuntu2.2+esm5
focal	released	1.17-6ubuntu4.6
jammy	released	1.19.2-2ubuntu0.4
mantic	ignored	end of life, was needed
noble	released	1.20.1-6ubuntu2.1
oracular	not-affected	1.21.3-3

Показывать по

Ссылки на источники

EPSS

Процентиль: 72%

0.00725

Низкий

9.1 Critical

CVSS3

Связанные уязвимости

CVE-2024-37371

CVSS3: 6.5

redhat

12 месяцев назад

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.

CVE-2024-37371

CVSS3: 9.1

nvd

12 месяцев назад

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.

CVE-2024-37371

CVSS3: 9.1

msrc

10 месяцев назад

Описание отсутствует

CVE-2024-37371

CVSS3: 9.1

debian

12 месяцев назад

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause inva ...

GHSA-8wpj-v5qv-3wf4

CVSS3: 9.1

github

12 месяцев назад

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.

EPSS

Процентиль: 72%

0.00725

Низкий

9.1 Critical

CVSS3

CVE-2024-37371

Описание

Пакет krb5

Ссылки на источники

Связанные уязвимости