VDB

DEBIAN-CVE-2024-37370

DEBIAN-CVE-2024-37370 PUBLISHED CVSS 7.5 HIGH

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.

Risk Scores

CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
Debian:14krb50, 0
Debian:13krb50, 0
Debian:12krb51.20.1-2, 0, 1.20.1-2
Debian:11krb51.18.3-6, 0, *

Timeline

  • Jun 28, 2024 CVE Published
  • Apr 28, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›