PT-2021-21862 · Mit+8 · Mit Kerberos 5+8

Published: 2021-08-19 · Updated: 2024-06-15 · CVE-2021-37750

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: MIT Kerberos 5 versions prior to 1.18.5; MIT Kerberos 5 versions 1.19.x prior to 1.19.3
Description: The Key Distribution Center (KDC) in MIT Kerberos 5 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. This issue occurs in versions prior to 1.18.5 and 1.19.x versions prior to 1.19.3.
Recommendations: For versions prior to 1.18.5, update to version 1.18.5 or later. For versions 1.19.x prior to 1.19.3, update to version 1.19.3 or later. As a temporary workaround, consider restricting access to the KDC to minimize the risk of exploitation.

Fix

Weakness Enumeration

NULL Pointer Dereference

Related Identifiers

ALT-PU-2022-1486
ALT-PU-2022-1505
ALT-PU-2022-1513
ALT-PU-2022-1532
AZL-6608
BDU:2026-01437
CESA-2021_3576
CESA-2021_4788
CVE-2021-37750
DLA-2771-1
OESA-2021-1329
OPENSUSE-SU-2021:1411-1
OPENSUSE-SU-2021:3454-1
OPENSUSE-SU-2024:10899-1
RHSA-2021:3576
RHSA-2021:4788
RLSA-2021:3576
SUSE-SU-2021:3454-1
SUSE-SU-2021:3454-2
SUSE-SU-2022:4154-1
SUSE-SU-2024:1702-1
USN-5959-1

Affected Products

ALT Linux
Astra Linux
CentOS
Linux Mint
MIT Kerberos 5
Red Hat
Rocky Linux
SUSE
Ubuntu