CVE-2021-37750

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
Affected Products (NVD)
VendorProductVersion
mitkerberos_5
𝑥
< 1.18.5
mitkerberos_5
1.19.0 ≤
𝑥
< 1.19.3
debiandebian_linux
9.0
oraclecommunications_cloud_native_core_network_slice_selection_function
22.1.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
krb5
bookworm
1.20.1-2+deb12u2
fixed
bookworm (security)
1.20.1-2+deb12u2
fixed
bullseye
1.18.3-6+deb11u5
fixed
bullseye (security)
1.18.3-6+deb11u5
fixed
sid
1.21.3-3
fixed
trixie
1.21.3-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
krb5
bionic
Fixed 1.16-2ubuntu0.4
released
focal
Fixed 1.17-6ubuntu4.3
released
hirsute
ignored
impish
ignored
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
not-affected
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
krb5
suse enterprise desktop 15 SP2
1.16.3-3.24.1
fixed
suse enterprise desktop 15 SP3
1.16.3-3.24.1
fixed
suse enterprise desktop 15 SP4
1.19.2-150400.1.9
fixed
suse enterprise desktop 15 SP5
1.20.1-150500.1.2
fixed
suse enterprise desktop 15 SP6
1.20.1-150600.9.2
fixed
suse enterprise desktop 15 SP7
1.20.1-150600.11.8.1
fixed
suse enterprise sap 12 SP5
1.16.3-46.12.1
fixed
suse enterprise sap 15 SP2
1.16.3-3.24.1
fixed
suse enterprise sap 15 SP3
1.16.3-3.24.1
fixed
suse enterprise sap 15 SP4
1.19.2-150400.1.9
fixed
suse enterprise sap 15 SP5
1.20.1-150500.1.2
fixed
suse enterprise sap 15 SP6
1.20.1-150600.9.2
fixed
suse enterprise sap 15 SP7
1.20.1-150600.11.8.1
fixed
suse enterprise server 12 SP5
1.16.3-46.12.1
fixed
suse enterprise server 15
1.15.2-150000.6.17.1
fixed
suse enterprise server 15 SP2
1.16.3-3.24.1
fixed
suse enterprise server 15 SP3
1.16.3-3.24.1
fixed
suse enterprise server 15 SP4
1.19.2-150400.1.9
fixed
suse enterprise server 15 SP5
1.20.1-150500.1.2
fixed
suse enterprise server 15 SP6
1.20.1-150600.9.2
fixed
suse enterprise server 15 SP7
1.20.1-150600.11.8.1
fixed
krb5-32bit
suse enterprise desktop 15 SP2
1.16.3-3.24.1
fixed
suse enterprise desktop 15 SP3
1.16.3-3.24.1
fixed
suse enterprise desktop 15 SP4
1.19.2-150400.1.9
fixed
suse enterprise desktop 15 SP5
1.20.1-150500.1.2
fixed
suse enterprise desktop 15 SP6
1.20.1-150600.9.2
fixed
suse enterprise desktop 15 SP7
1.20.1-150600.11.8.1
fixed
suse enterprise sap 12 SP5
1.16.3-46.12.1
fixed
suse enterprise sap 15 SP2
1.16.3-3.24.1
fixed
suse enterprise sap 15 SP3
1.16.3-3.24.1
fixed
suse enterprise sap 15 SP4
1.19.2-150400.1.9
fixed
suse enterprise sap 15 SP5
1.20.1-150500.1.2
fixed
suse enterprise sap 15 SP6
1.20.1-150600.9.2
fixed
suse enterprise sap 15 SP7
1.20.1-150600.11.8.1
fixed
suse enterprise server 12 SP5
1.16.3-46.12.1
fixed
suse enterprise server 15
1.15.2-150000.6.17.1
fixed
suse enterprise server 15 SP2
1.16.3-3.24.1
fixed
suse enterprise server 15 SP3
1.16.3-3.24.1
fixed
suse enterprise server 15 SP4
1.19.2-150400.1.9
fixed
suse enterprise server 15 SP5
1.20.1-150500.1.2
fixed
suse enterprise server 15 SP6
1.20.1-150600.9.2
fixed
suse enterprise server 15 SP7
1.20.1-150600.11.8.1
fixed
krb5-client
suse enterprise desktop 15 SP2
1.16.3-3.24.1
fixed
suse enterprise desktop 15 SP3
1.16.3-3.24.1
fixed
suse enterprise desktop 15 SP4
1.19.2-150400.1.9
fixed
suse enterprise desktop 15 SP5
1.20.1-150500.1.2
fixed
suse enterprise desktop 15 SP6
1.20.1-150600.9.2
fixed
suse enterprise desktop 15 SP7
1.20.1-150600.11.8.1
fixed
suse enterprise sap 12 SP5
1.16.3-46.12.1
fixed
suse enterprise sap 15 SP2
1.16.3-3.24.1
fixed
suse enterprise sap 15 SP3
1.16.3-3.24.1
fixed
suse enterprise sap 15 SP4
1.19.2-150400.1.9
fixed
suse enterprise sap 15 SP5
1.20.1-150500.1.2
fixed
suse enterprise sap 15 SP6
1.20.1-150600.9.2
fixed
suse enterprise sap 15 SP7
1.20.1-150600.11.8.1
fixed
suse enterprise server 12 SP5
1.16.3-46.12.1
fixed
suse enterprise server 15
1.15.2-150000.6.17.1
fixed
suse enterprise server 15 SP2
1.16.3-3.24.1
fixed
suse enterprise server 15 SP3
1.16.3-3.24.1
fixed
suse enterprise server 15 SP4
1.19.2-150400.1.9
fixed
suse enterprise server 15 SP5
1.20.1-150500.1.2
fixed
suse enterprise server 15 SP6
1.20.1-150600.9.2
fixed
suse enterprise server 15 SP7
1.20.1-150600.11.8.1
fixed
krb5-devel
suse enterprise desktop 15 SP2
1.16.3-3.24.1
fixed
suse enterprise desktop 15 SP3
1.16.3-3.24.1
fixed
suse enterprise desktop 15 SP4
1.19.2-150400.1.9
fixed
suse enterprise desktop 15 SP5
1.20.1-150500.1.2
fixed
suse enterprise desktop 15 SP6
1.20.1-150600.9.2
fixed
suse enterprise desktop 15 SP7
1.20.1-150600.11.8.1
fixed
suse enterprise sap 15 SP2
1.16.3-3.24.1
fixed
suse enterprise sap 15 SP3
1.16.3-3.24.1
fixed
suse enterprise sap 15 SP4
1.19.2-150400.1.9
fixed
suse enterprise sap 15 SP5
1.20.1-150500.1.2
fixed
suse enterprise sap 15 SP6
1.20.1-150600.9.2
fixed
suse enterprise sap 15 SP7
1.20.1-150600.11.8.1
fixed
suse enterprise server 15
1.15.2-150000.6.17.1
fixed
suse enterprise server 15 SP2
1.16.3-3.24.1
fixed
suse enterprise server 15 SP3
1.16.3-3.24.1
fixed
suse enterprise server 15 SP4
1.19.2-150400.1.9
fixed
suse enterprise server 15 SP5
1.20.1-150500.1.2
fixed
suse enterprise server 15 SP6
1.20.1-150600.9.2
fixed
suse enterprise server 15 SP7
1.20.1-150600.11.8.1
fixed
krb5-doc
suse enterprise sap 12 SP5
1.16.3-46.12.1
fixed
suse enterprise server 12 SP5
1.16.3-46.12.1
fixed
krb5-plugin-kdb-ldap
suse enterprise sap 12 SP5
1.16.3-46.12.1
fixed
suse enterprise sap 15 SP2
1.16.3-3.24.1
fixed
suse enterprise sap 15 SP3
1.16.3-3.24.1
fixed
suse enterprise sap 15 SP4
1.19.2-150400.1.9
fixed
suse enterprise sap 15 SP7
1.20.1-150600.11.8.1
fixed
suse enterprise server 12 SP5
1.16.3-46.12.1
fixed
suse enterprise server 15
1.15.2-150000.6.17.1
fixed
suse enterprise server 15 SP2
1.16.3-3.24.1
fixed
suse enterprise server 15 SP3
1.16.3-3.24.1
fixed
suse enterprise server 15 SP4
1.19.2-150400.1.9
fixed
suse enterprise server 15 SP7
1.20.1-150600.11.8.1
fixed
krb5-plugin-preauth-otp
suse enterprise desktop 15 SP2
1.16.3-3.24.1
fixed
suse enterprise desktop 15 SP3
1.16.3-3.24.1
fixed
suse enterprise desktop 15 SP4
1.19.2-150400.1.9
fixed
suse enterprise desktop 15 SP5
1.20.1-150500.1.2
fixed
suse enterprise desktop 15 SP6
1.20.1-150600.9.2
fixed
suse enterprise desktop 15 SP7
1.20.1-150600.11.8.1
fixed
suse enterprise sap 12 SP5
1.16.3-46.12.1
fixed
suse enterprise sap 15 SP2
1.16.3-3.24.1
fixed
suse enterprise sap 15 SP3
1.16.3-3.24.1
fixed
suse enterprise sap 15 SP4
1.19.2-150400.1.9
fixed
suse enterprise sap 15 SP5
1.20.1-150500.1.2
fixed
suse enterprise sap 15 SP6
1.20.1-150600.9.2
fixed
suse enterprise sap 15 SP7
1.20.1-150600.11.8.1
fixed
suse enterprise server 12 SP5
1.16.3-46.12.1
fixed
suse enterprise server 15
1.15.2-150000.6.17.1
fixed
suse enterprise server 15 SP2
1.16.3-3.24.1
fixed
suse enterprise server 15 SP3
1.16.3-3.24.1
fixed
suse enterprise server 15 SP4
1.19.2-150400.1.9
fixed
suse enterprise server 15 SP5
1.20.1-150500.1.2
fixed
suse enterprise server 15 SP6
1.20.1-150600.9.2
fixed
suse enterprise server 15 SP7
1.20.1-150600.11.8.1
fixed
krb5-plugin-preauth-pkinit
suse enterprise desktop 15 SP2
1.16.3-3.24.1
fixed
suse enterprise desktop 15 SP3
1.16.3-3.24.1
fixed
suse enterprise desktop 15 SP4
1.19.2-150400.1.9
fixed
suse enterprise desktop 15 SP5
1.20.1-150500.1.2
fixed
suse enterprise desktop 15 SP6
1.20.1-150600.9.2
fixed
suse enterprise desktop 15 SP7
1.20.1-150600.11.8.1
fixed
suse enterprise sap 12 SP5
1.16.3-46.12.1
fixed
suse enterprise sap 15 SP2
1.16.3-3.24.1
fixed
suse enterprise sap 15 SP3
1.16.3-3.24.1
fixed
suse enterprise sap 15 SP4
1.19.2-150400.1.9
fixed
suse enterprise sap 15 SP5
1.20.1-150500.1.2
fixed
suse enterprise sap 15 SP6
1.20.1-150600.9.2
fixed
suse enterprise sap 15 SP7
1.20.1-150600.11.8.1
fixed
suse enterprise server 12 SP5
1.16.3-46.12.1
fixed
suse enterprise server 15
1.15.2-150000.6.17.1
fixed
suse enterprise server 15 SP2
1.16.3-3.24.1
fixed
suse enterprise server 15 SP3
1.16.3-3.24.1
fixed
suse enterprise server 15 SP4
1.19.2-150400.1.9
fixed
suse enterprise server 15 SP5
1.20.1-150500.1.2
fixed
suse enterprise server 15 SP6
1.20.1-150600.9.2
fixed
suse enterprise server 15 SP7
1.20.1-150600.11.8.1
fixed
krb5-server
suse enterprise sap 12 SP5
1.16.3-46.12.1
fixed
suse enterprise sap 15 SP2
1.16.3-3.24.1
fixed
suse enterprise sap 15 SP3
1.16.3-3.24.1
fixed
suse enterprise sap 15 SP4
1.19.2-150400.1.9
fixed
suse enterprise sap 15 SP7
1.20.1-150600.11.8.1
fixed
suse enterprise server 12 SP5
1.16.3-46.12.1
fixed
suse enterprise server 15
1.15.2-150000.6.17.1
fixed
suse enterprise server 15 SP2
1.16.3-3.24.1
fixed
suse enterprise server 15 SP3
1.16.3-3.24.1
fixed
suse enterprise server 15 SP4
1.19.2-150400.1.9
fixed
suse enterprise server 15 SP7
1.20.1-150600.11.8.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
krb5-devel
RHEL 7
0:1.15.1-51.el7_9
fixed
RHEL 8
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 AUS
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 E4S
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 EUS
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 TUS
0:1.18.2-8.3.el8_4
fixed
krb5-libs
RHEL 7
0:1.15.1-51.el7_9
fixed
RHEL 8
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 AUS
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 E4S
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 EUS
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 TUS
0:1.18.2-8.3.el8_4
fixed
krb5-pkinit
RHEL 7
0:1.15.1-51.el7_9
fixed
RHEL 8
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 AUS
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 E4S
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 EUS
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 TUS
0:1.18.2-8.3.el8_4
fixed
krb5-server
RHEL 7
0:1.15.1-51.el7_9
fixed
RHEL 8
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 AUS
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 E4S
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 EUS
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 TUS
0:1.18.2-8.3.el8_4
fixed
krb5-server-ldap
RHEL 7
0:1.15.1-51.el7_9
fixed
RHEL 8
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 AUS
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 E4S
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 EUS
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 TUS
0:1.18.2-8.3.el8_4
fixed
krb5-workstation
RHEL 7
0:1.15.1-51.el7_9
fixed
RHEL 8
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 AUS
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 E4S
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 EUS
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 TUS
0:1.18.2-8.3.el8_4
fixed
libkadm5
RHEL 7
0:1.15.1-51.el7_9
fixed
RHEL 8
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 AUS
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 E4S
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 EUS
0:1.18.2-8.3.el8_4
fixed
RHEL 8.4 TUS
0:1.18.2-8.3.el8_4
fixed
Common Weakness Enumeration
References
https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49
https://github.com/krb5/krb5/releases
https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MFCLW7D46E4VCREKKH453T5DA4XOLHU2/
https://security.netapp.com/advisory/ntap-20210923-0002/
https://web.mit.edu/kerberos/advisories/
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.starwindsoftware.com/security/sw-20220817-0004/
https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49
https://github.com/krb5/krb5/releases
https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MFCLW7D46E4VCREKKH453T5DA4XOLHU2/
https://security.netapp.com/advisory/ntap-20210923-0002/
https://web.mit.edu/kerberos/advisories/
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.starwindsoftware.com/security/sw-20220817-0004/