CVE-2024-37371

Updated: 2024-11-30 04:23:15.12145

Description:

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

CVSS Version 2.x: 0
CVSS Version 3.x: CRITICAL 9.1

Status

OS name          | Project name | Version    | Score | Severity | Status        | Errata                | Last updated        | Statement
AlmaLinux 9.2 ESU | krb5        | 1.20.1     | 9.1   | CRITICAL | Released      | CLSA-2024:1726769331  | 2024-09-19 14:24:51 |
CentOS 6 ELS      | krb5        | 1.10.3     | 9.1   | CRITICAL | Ignored       |                       | 2024-10-11 17:30:01 | We have reasoned not to port the fix for this CVE since upstream changes are too intrusive. affectin...
CentOS 7 ELS      | krb5        | 1.15.1     | 9.1   | CRITICAL | Released      | CLSA-2024:1726840907  | 2024-10-01 17:32:16 |
CentOS 8.4 ELS    | krb5        | 1.18.2-8.3 | 9.1   | CRITICAL | Released      | CLSA-2024:1726769233  | 2024-09-19 14:24:50 |
CentOS 8.5 ELS    | krb5        | 1.18.2-14  | 9.1   | CRITICAL | Released      | CLSA-2024:1726769396  | 2024-09-19 14:24:49 |
CloudLinux 6 ELS  | krb5        | 1.10.3     | 9.1   | CRITICAL | Ignored       |                       | 2024-10-11 17:30:03 | We have reasoned not to port the fix for this CVE since upstream changes are too intrusive. affectin...
CloudLinux 7 ELS  | krb5        | 1.15.1     | 9.1   | CRITICAL | Released      | CLSA-2024:1726841437  | 2024-10-01 17:32:16 |
Oracle Linux 6 ELS | krb5       | 1.10.3     | 9.1   | CRITICAL | Ignored       |                       | 2024-10-11 17:30:01 | We have reasoned not to port the fix for this CVE since upstream changes are too intrusive. affectin...
Oracle Linux 7 ELS | krb5       | 1.15.1     | 9.1   | CRITICAL | Already Fixed |                       | 2024-12-03 12:09:58 |
Ubuntu 16.04 ELS  | krb5        | 1.13.2     | 9.1   | CRITICAL | Released      | CLSA-2024:1727287657  | 2024-09-25 14:28:27 |

Total: 11