Invalid Memory Read Issues in MIT Kerberos 5 from MIT
CVE-2024-37371

9.1CRITICAL

Key Information:

Vendor: Mit
Status: Kerberos 5
Vendor: CVE Published:; 28 June 2024

What is CVE-2024-37371?

In the MIT Kerberos 5 applications, particularly versions before 1.21.3, attackers can exploit the handling of GSS message tokens. By sending specially crafted message tokens with incorrect length fields, they can trigger unauthorized invalid memory reads. This vulnerability poses significant risks as it may lead to unintended data exposure or application instability.

References

https://web.mit.edu/kerberos/www/advisories/

https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd810...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 28, 2024
Vulnerability Reserved
Jun 6, 2024

CVE-2024-37371 Data

JSON

Mit

What is CVE-2024-37371?

References

CVSS V3.1

Timeline