CVE

CVE-2024-37371

Severity:

Pending analysis

Type:

Unavailable / Other

Publication date:

28/06/2024

Last modified:

01/07/2024

Description

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.

References to Advisories, Solutions, and Tools

https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef
https://web.mit.edu/kerberos/www/advisories/