CVE-2021-37750

Published: Aug 23, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://web.mit.edu/kerberos/advisories/

https://github.com/krb5/krb5/releases

FEDORA-2021-f2c8514f02

vendor-advisory

[debian-lts-announce] 20210930 [SECURITY] [DLA 2771-1] krb5 security update

mailing-list

https://www.oracle.com/security-alerts/cpujul2022.html

https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49

https://security.netapp.com/advisory/ntap-20210923-0002/

https://www.starwindsoftware.com/security/sw-20220817-0004/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-37750

Description

Affected Products

References