CVE-2024-37370

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*

History

27 Aug 2024, 17:48

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
References () https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef - () https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef - Patch
References () https://web.mit.edu/kerberos/www/advisories/ - () https://web.mit.edu/kerberos/www/advisories/ - Vendor Advisory
First Time Mit
Mit kerberos 5

01 Jul 2024, 12:37

Type Values Removed Values Added
Summary
  • (es) En MIT Kerberos 5 (también conocido como krb5) anterior a 1.21.3, un atacante puede modificar el campo Extra Count de texto plano de un token de envoltura GSS krb5 confidencial, lo que hace que el token desenvuelto aparezca truncado para la aplicación.

28 Jun 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-28 22:15

Updated : 2024-08-27 17:48


NVD link : CVE-2024-37370

Mitre link : CVE-2024-37370

CVE.ORG link : CVE-2024-37370


JSON object : View

Products Affected

mit

  • kerberos_5