PT-2024-6097 · Mit+11 · Mit Kerberos 5+11

Jacob Champion · Published 2024-06-27 · Updated 2025-09-09 · CVE-2024-37371

CVSS v2.0: 9.4 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C
Name of the Vulnerable Software and Affected Versions: MIT Kerberos 5 versions prior to 1.21.3

Description: The issue lies in the handling of GSS message tokens in the Kerberos authentication protocol. A remote attacker can cause invalid memory reads by sending message tokens with invalid length fields, potentially impacting the confidentiality, integrity, and availability of protected information.

Recommendations: For versions prior to 1.21.3, update to version 1.21.3 or later to resolve the issue. As a temporary workaround, consider restricting access to GSS message token handling until a patch is available.

Fix · DoS · Out-of-bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2024:5312
ALSA-2024:6166
ALSA-2025:1671
ALSA-2025:1673
ALT-PU-2024-9477
ALT-PU-2024-9479
ALT-PU-2025-1464
AZL-42996
AZL-42999
BDU:2024-07005
CESA-2024_5312
CESA-2025_1673
CVE-2024-37371
DSA-5726-1
INFSA-2024_5312
INFSA-2024_6166
INFSA-2025_1671
INFSA-2025_1673
MGASA-2024-0253
OESA-2024-1825
OPENSUSE-SU-2024:14111-1
OPENSUSE-SU-2024_2302-1
OPENSUSE-SU-2024_2303-1
OPENSUSE-SU-2024_2307-1
OPENSUSE-SU-2024_2322-1
RHSA-2024:4734
RHSA-2024:4743
RHSA-2024:5076
RHSA-2024:5312
RHSA-2024:5316
RHSA-2024:5625
RHSA-2024:5630
RHSA-2024:5643
RHSA-2024:5884
RHSA-2024:6166
RHSA-2024_5312
RHSA-2024_6166
RHSA-2025:1671
RHSA-2025:1673
RHSA-2025_1671
RHSA-2025_1673
RLSA-2025:1671
RLSA-2025:1673
SUSE-SU-2024:2300-1
SUSE-SU-2024:2302-1
SUSE-SU-2024:2303-1
SUSE-SU-2024:2305-1
SUSE-SU-2024:2307-1
SUSE-SU-2024:2322-1
SUSE-SU-2025:20051-1
USN-6947-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Mit Kerberos 5
Mysql Server
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu