In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.

References

github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef

web.mit.edu/kerberos/www/advisories/

osv 13

nvd 1

nessus 33

veracode 1

alpinelinux 1

cbl_mariner 2

ubuntucve 2

vulnrichment 1

debiancve 1

cve 1

redhatcve 1

redhat 36

almalinux 2

openvas 17

amazon 1

redos 1

oraclelinux 2

ibm 5

ubuntu 1

mageia 1

photon 3

fedora 2

osv

CVE-2024-37370

2024-06-28 22:15:02

UBUNTU-CVE-2024-37370

2024-06-28 22:15:00

Security update for krb5

2024-07-04 14:21:12

nvd

CVE-2024-37370

2024-06-28 22:15:02

nessus

CBL Mariner 2.0 Security Update: krb5 (CVE-2024-37370)

2024-08-06 00:00:00

SUSE SLES15 Security Update : krb5 (SUSE-SU-2024:2305-1)

2024-07-06 00:00:00

Debian dsa-5726 : krb5-admin-server - security update

2024-07-06 00:00:00

veracode

Plaintext Modification

2024-07-01 11:00:24

alpinelinux

CVE-2024-37370

2024-06-28 22:15:02

cbl_mariner

CVE-2024-37370 affecting package krb5 for versions less than 1.19.4-3

2024-08-05 03:22:58

CVE-2024-37370 affecting package krb5 for versions less than 1.21.3-1

2024-08-14 20:43:58

ubuntucve

CVE-2024-37370

2024-06-28 00:00:00

CVE-2024-37371

2024-06-28 00:00:00

vulnrichment

CVE-2024-37370

2024-06-28 00:00:00

debiancve

CVE-2024-37370

2024-06-28 22:15:02

cve

CVE-2024-37370

2024-06-28 22:15:02

redhatcve

CVE-2024-37370

2024-06-28 05:08:57

redhat

(RHSA-2024:4734) Moderate: krb5 security update

2024-07-23 14:41:35

(RHSA-2024:5316) Moderate: krb5 security update

2024-08-13 15:31:25

(RHSA-2024:4743) Moderate: krb5 security update

2024-07-23 14:47:21

almalinux

Moderate: krb5 security update

2024-09-03 00:00:00

Moderate: krb5 security update

2024-08-13 00:00:00

openvas

openSUSE: Security Advisory for krb5 (SUSE-SU-2024:2307-1)

2024-07-10 00:00:00

Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2024-2419)

2024-09-12 00:00:00

Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2024-2442)

2024-09-12 00:00:00

amazon

Medium: krb5

2024-07-18 02:00:00

redos

ROS-20240911-04

2024-09-11 00:00:00

oraclelinux

krb5 security update

2024-08-13 00:00:00

krb5 security update

2024-09-03 00:00:00

ibm

Security Bulletin: IBM DataPower Gateway vulnerable to data truncation and DoS in Kerberos (CVE-2024-37370 & CVE-2024-37371)

2024-09-03 14:18:56

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to GNOME GLib, libcurl and kerberos 5

2024-09-27 11:38:34

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to denial of service, privilege escalation and kerberos 5

2024-09-06 09:28:18

ubuntu

Kerberos vulnerabilities

2024-08-08 00:00:00

mageia

Updated krb5 packages fix security vulnerabilities

2024-07-03 19:36:28

photon

Critical Photon OS Security Update - PHSA-2024-3.0-0791

2024-09-04 00:00:00

Critical Photon OS Security Update - PHSA-2024-4.0-0679

2024-09-02 00:00:00

Critical Photon OS Security Update - PHSA-2024-5.0-0355

2024-08-26 00:00:00

fedora

[SECURITY] Fedora 40 Update: krb5-1.21.3-1.fc40

2024-07-13 02:46:57

[SECURITY] Fedora 39 Update: krb5-1.21.3-1.fc39

2024-07-17 01:19:01

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.001

Percentile

37.7%

JSON

Related for CVELIST:CVE-2024-37370