CVE-2024-37370

Name
CVE-2024-37370
Description
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.
NVD Severity
unknown

References

| Type | URI |
| --- | --- |
| cve@mitre.org | https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef |
| cve@mitre.org | https://web.mit.edu/kerberos/www/advisories/ |

Match rules

CPE URI Source package Min version Max version
n/a == n/a == n/a

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| krb5 | 3.18-main | 1.20.2-r1 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| krb5 | 3.17-main | 1.20.2-r1 | Natanael Copa <ncopa@alpinelinux.org> | fixed |