VDB
ALPINE-CVE-2024-37370
ALPINE-CVE-2024-37370
PUBLISHED
CVSS 7.5 HIGH
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.19 | krb5 | 0, 1.11-r0, 1.11-r1 |
| Alpine:v3.17 | krb5 | 1.13-r0, 0, 1.20.2-r0 |
| Alpine:v3.18 | krb5 | 1.18.1-r0, 1.11-r0, 1.11.2-r0 |
| Alpine:v3.24 | krb5 | 0 |
| Alpine:v3.22 | krb5 | 1.19.2-r0, 1.19.2-r1, 1.19.2-r2 |
| Alpine:v3.20 | krb5 | 1.11.3-r0, 0, 1.11-r0 |
| Alpine:v3.23 | krb5 | 1.12.2-r0, 0, 1.11-r0 |
| Alpine:v3.21 | krb5 | 1.18.1-r0, 1.13.2-r1, 1.13.2-r0 |
Timeline
- Jun 28, 2024 CVE Published
- Apr 30, 2026 Distribution Patch
- Jun 15, 2026 CVE Updated