NULL Pointer Dereference in MIT Kerberos 5 Product
CVE-2021-37750

6.5MEDIUM

Key Information:

Vendor: Mit
Status: Kerberos 5
Vendor: CVE Published:; 23 August 2021

What is CVE-2021-37750?

A vulnerability exists in the Key Distribution Center (KDC) of MIT Kerberos 5, prior to versions 1.18.5 and 1.19.3. This vulnerability can be exploited through a NULL pointer dereference caused by a malformed FAST inner body request, which lacks a required server field. An attacker may exploit this flaw to crash the KDC, potentially leading to a denial of service situation.

References

https://web.mit.edu/kerberos/advisories/

https://github.com/krb5/krb5/releases

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 23, 2021
Vulnerability Reserved
Jul 30, 2021

CVE-2021-37750 Data

JSON

Mit

What is CVE-2021-37750?

References

CVSS V3.1

Timeline