CVE-2021-37750

Updated: 2024-11-21 21:14:18.597283

Description:

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 4 |
| CVSS Version 3.x | MEDIUM | 6.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | krb5 | 1.10.3 | 6.5 | MEDIUM | Not Vulnerable | | 2022-02-14 08:36:26 | |
| CentOS 7 ELS | krb5 | 1.15.1 | 6.5 | MEDIUM | Already Fixed | | 2023-09-19 09:30:22 | |
| CentOS 8.4 ELS | krb5 | 1.18.2-8.3 | 6.5 | MEDIUM | Already Fixed | | 2023-10-30 11:22:09 | |
| CentOS 8.5 ELS | krb5 | 1.18.2-14 | 6.5 | MEDIUM | Already Fixed | | 2023-10-30 11:22:09 | |
| CloudLinux 6 ELS | krb5 | 1.10.3 | 6.5 | MEDIUM | Not Vulnerable | | 2022-02-14 08:36:26 | |
| Oracle Linux 6 ELS | krb5 | 1.10.3 | 6.5 | MEDIUM | Not Vulnerable | | 2022-02-14 08:36:26 | |
| Ubuntu 16.04 ELS | krb5 | 1.13.2 | 6.5 | MEDIUM | Ignored | | 2022-02-17 14:41:06 | |
| Ubuntu 18.04 ELS | krb5 | 1.16-2 | 6.5 | MEDIUM | Already Fixed | | 2023-06-02 09:09:40 | |