CLSA-2026-1779461988 krb5: Fix of 3 CVEs

CVE-2024-3596: generate and verify Message-Authenticator MACs in libkrad to mitigate the BlastRADIUS attack on the RADIUS protocol; includes follow-up fix for uninitialized pointer dereference in kradpacketdecoderequest - CVE-2024-37370: prevent modification of Extra Count field in GSS krb5 wrap...

Fedora 42 : libgsasl (2026-a8d6c7c064)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-a8d6c7c064 advisory. GSSAPI server: Boundary check gsswrap token read OOB Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

CLSA-2024-1726840907 krb5: Fix of 2 CVEs

CVE-2024-37370: prevent modification of Extra Count field in GSS krb5 wrap token to avoid appearing truncated to application - CVE-2024-37371: fix invalid memory reads during GSS message token handling...

CLSA-2024-1726769331 krb5: Fix of 2 CVEs

CVE-2024-37370: prevent modification of Extra Count field in GSS krb5 wrap token to avoid appearing truncated to application - CVE-2024-37371: fix invalid memory reads during GSS message token handling...

krb5: GSS message token handling

A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper...

AZL-43002 CVE-2024-37370 affecting package krb5 for versions less than 1.21.3-1

In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application...

AZL-42991 CVE-2024-37370 affecting package krb5 for versions less than 1.19.4-3

In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application...

UBUNTU-CVE-2024-37370

In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application...

PT-2024-6104 · Mit +10 · Mit Kerberos 5 +10

Name of the Vulnerable Software and Affected Versions: MIT Kerberos 5 versions prior to 1.21.3 Description: The issue is related to the modification of the plaintext Extra Count field of a confidential GSS krb5 wrap token. This can cause the unwrapped token to appear truncated to the application,...