CVE-2024-37370

EUVD-2024-36618
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
Affected Products (NVD)
VendorProductVersion
mitkerberos_5
𝑥
< 1.21.3
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
SiemensSIMATIC S7-1500 CPU 1518-4 PN\/DP MFP
V3.1.5 ≤
𝑥
< *
ADP
SiemensSIMATIC S7-1500 CPU 1518-4 PN\/DP MFP
V3.1.5 ≤
𝑥
< *
ADP
SiemensSIMATIC S7-1500 CPU 1518F-4 PN\/DP MFP
V3.1.5 ≤
𝑥
< *
ADP
SiemensSIMATIC S7-1500 CPU 1518F-4 PN\/DP MFP
V3.1.5 ≤
𝑥
< *
ADP
SiemensSIPLUS S7-1500 CPU 1518-4 PN\/DP MFP
V3.1.5 ≤
𝑥
< *
ADP
Debian logo
Debian Releases
Debian Product
Codename
krb5
bookworm
1.20.1-2+deb12u4
fixed
bookworm (security)
1.20.1-2+deb12u2
fixed
bullseye
1.18.3-6+deb11u5
fixed
bullseye (security)
1.18.3-6+deb11u7
fixed
forky
1.22.1-2
fixed
sid
1.22.1-2
fixed
trixie
1.21.3-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
krb5
bionic
Fixed 1.16-2ubuntu0.4+esm2
released
focal
Fixed 1.17-6ubuntu4.6
released
jammy
Fixed 1.19.2-2ubuntu0.4
released
mantic
ignored
noble
Fixed 1.20.1-6ubuntu2.1
released
oracular
not-affected
trusty
Fixed 1.12+dfsg-2ubuntu5.4+esm5
released
xenial
Fixed 1.13.2+dfsg-5ubuntu2.2+esm5
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
krb5
suse enterprise desktop 15 SP5
1.20.1-150500.3.9.1
fixed
suse enterprise desktop 15 SP6
1.20.1-150600.11.3.1
fixed
suse enterprise desktop 15 SP7
1.20.1-150600.11.3.1
fixed
suse enterprise sap 12 SP5
1.16.3-46.15.1
fixed
suse enterprise sap 15 SP5
1.20.1-150500.3.9.1
fixed
suse enterprise sap 15 SP6
1.20.1-150600.11.3.1
fixed
suse enterprise sap 15 SP7
1.20.1-150600.11.3.1
fixed
suse enterprise server 12 SP3
1.12.5-40.61.1
fixed
suse enterprise server 12 SP5
1.16.3-46.15.1
fixed
suse enterprise server 15 SP2
1.16.3-150100.3.36.1
fixed
suse enterprise server 15 SP3
1.19.2-150300.19.1
fixed
suse enterprise server 15 SP4
1.19.2-150400.3.12.1
fixed
suse enterprise server 15 SP5
1.20.1-150500.3.9.1
fixed
suse enterprise server 15 SP6
1.20.1-150600.11.3.1
fixed
suse enterprise server 15 SP7
1.20.1-150600.11.3.1
fixed
krb5-32bit
suse enterprise desktop 15 SP5
1.20.1-150500.3.9.1
fixed
suse enterprise desktop 15 SP6
1.20.1-150600.11.3.1
fixed
suse enterprise desktop 15 SP7
1.20.1-150600.11.3.1
fixed
suse enterprise sap 12 SP5
1.16.3-46.15.1
fixed
suse enterprise sap 15 SP5
1.20.1-150500.3.9.1
fixed
suse enterprise sap 15 SP6
1.20.1-150600.11.3.1
fixed
suse enterprise sap 15 SP7
1.20.1-150600.11.3.1
fixed
suse enterprise server 12 SP3
1.12.5-40.61.1
fixed
suse enterprise server 12 SP5
1.16.3-46.15.1
fixed
suse enterprise server 15 SP2
1.16.3-150100.3.36.1
fixed
suse enterprise server 15 SP3
1.19.2-150300.19.1
fixed
suse enterprise server 15 SP4
1.19.2-150400.3.12.1
fixed
suse enterprise server 15 SP5
1.20.1-150500.3.9.1
fixed
suse enterprise server 15 SP6
1.20.1-150600.11.3.1
fixed
suse enterprise server 15 SP7
1.20.1-150600.11.3.1
fixed
krb5-client
suse enterprise desktop 15 SP5
1.20.1-150500.3.9.1
fixed
suse enterprise desktop 15 SP6
1.20.1-150600.11.3.1
fixed
suse enterprise desktop 15 SP7
1.20.1-150600.11.3.1
fixed
suse enterprise sap 12 SP5
1.16.3-46.15.1
fixed
suse enterprise sap 15 SP5
1.20.1-150500.3.9.1
fixed
suse enterprise sap 15 SP6
1.20.1-150600.11.3.1
fixed
suse enterprise sap 15 SP7
1.20.1-150600.11.3.1
fixed
suse enterprise server 12 SP3
1.12.5-40.61.1
fixed
suse enterprise server 12 SP5
1.16.3-46.15.1
fixed
suse enterprise server 15 SP2
1.16.3-150100.3.36.1
fixed
suse enterprise server 15 SP3
1.19.2-150300.19.1
fixed
suse enterprise server 15 SP4
1.19.2-150400.3.12.1
fixed
suse enterprise server 15 SP5
1.20.1-150500.3.9.1
fixed
suse enterprise server 15 SP6
1.20.1-150600.11.3.1
fixed
suse enterprise server 15 SP7
1.20.1-150600.11.3.1
fixed
krb5-devel
suse enterprise desktop 15 SP5
1.20.1-150500.3.9.1
fixed
suse enterprise desktop 15 SP6
1.20.1-150600.11.3.1
fixed
suse enterprise desktop 15 SP7
1.20.1-150600.11.3.1
fixed
suse enterprise sap 15 SP5
1.20.1-150500.3.9.1
fixed
suse enterprise sap 15 SP6
1.20.1-150600.11.3.1
fixed
suse enterprise sap 15 SP7
1.20.1-150600.11.3.1
fixed
suse enterprise server 15 SP2
1.16.3-150100.3.36.1
fixed
suse enterprise server 15 SP3
1.19.2-150300.19.1
fixed
suse enterprise server 15 SP4
1.19.2-150400.3.12.1
fixed
suse enterprise server 15 SP5
1.20.1-150500.3.9.1
fixed
suse enterprise server 15 SP6
1.20.1-150600.11.3.1
fixed
suse enterprise server 15 SP7
1.20.1-150600.11.3.1
fixed
krb5-doc
suse enterprise sap 12 SP5
1.16.3-46.15.1
fixed
suse enterprise server 12 SP3
1.12.5-40.61.1
fixed
suse enterprise server 12 SP5
1.16.3-46.15.1
fixed
krb5-plugin-kdb-ldap
suse enterprise sap 12 SP5
1.16.3-46.15.1
fixed
suse enterprise sap 15 SP5
1.20.1-150500.3.9.1
fixed
suse enterprise sap 15 SP6
1.20.1-150600.11.3.1
fixed
suse enterprise sap 15 SP7
1.20.1-150600.11.3.1
fixed
suse enterprise server 12 SP3
1.12.5-40.61.1
fixed
suse enterprise server 12 SP5
1.16.3-46.15.1
fixed
suse enterprise server 15 SP2
1.16.3-150100.3.36.1
fixed
suse enterprise server 15 SP3
1.19.2-150300.19.1
fixed
suse enterprise server 15 SP4
1.19.2-150400.3.12.1
fixed
suse enterprise server 15 SP5
1.20.1-150500.3.9.1
fixed
suse enterprise server 15 SP6
1.20.1-150600.11.3.1
fixed
suse enterprise server 15 SP7
1.20.1-150600.11.3.1
fixed
krb5-plugin-preauth-otp
suse enterprise desktop 15 SP5
1.20.1-150500.3.9.1
fixed
suse enterprise desktop 15 SP6
1.20.1-150600.11.3.1
fixed
suse enterprise desktop 15 SP7
1.20.1-150600.11.3.1
fixed
suse enterprise sap 12 SP5
1.16.3-46.15.1
fixed
suse enterprise sap 15 SP5
1.20.1-150500.3.9.1
fixed
suse enterprise sap 15 SP6
1.20.1-150600.11.3.1
fixed
suse enterprise sap 15 SP7
1.20.1-150600.11.3.1
fixed
suse enterprise server 12 SP3
1.12.5-40.61.1
fixed
suse enterprise server 12 SP5
1.16.3-46.15.1
fixed
suse enterprise server 15 SP2
1.16.3-150100.3.36.1
fixed
suse enterprise server 15 SP3
1.19.2-150300.19.1
fixed
suse enterprise server 15 SP4
1.19.2-150400.3.12.1
fixed
suse enterprise server 15 SP5
1.20.1-150500.3.9.1
fixed
suse enterprise server 15 SP6
1.20.1-150600.11.3.1
fixed
suse enterprise server 15 SP7
1.20.1-150600.11.3.1
fixed
krb5-plugin-preauth-pkinit
suse enterprise desktop 15 SP5
1.20.1-150500.3.9.1
fixed
suse enterprise desktop 15 SP6
1.20.1-150600.11.3.1
fixed
suse enterprise desktop 15 SP7
1.20.1-150600.11.3.1
fixed
suse enterprise sap 12 SP5
1.16.3-46.15.1
fixed
suse enterprise sap 15 SP5
1.20.1-150500.3.9.1
fixed
suse enterprise sap 15 SP6
1.20.1-150600.11.3.1
fixed
suse enterprise sap 15 SP7
1.20.1-150600.11.3.1
fixed
suse enterprise server 12 SP3
1.12.5-40.61.1
fixed
suse enterprise server 12 SP5
1.16.3-46.15.1
fixed
suse enterprise server 15 SP2
1.16.3-150100.3.36.1
fixed
suse enterprise server 15 SP3
1.19.2-150300.19.1
fixed
suse enterprise server 15 SP4
1.19.2-150400.3.12.1
fixed
suse enterprise server 15 SP5
1.20.1-150500.3.9.1
fixed
suse enterprise server 15 SP6
1.20.1-150600.11.3.1
fixed
suse enterprise server 15 SP7
1.20.1-150600.11.3.1
fixed
krb5-plugin-preauth-spake
suse enterprise server 15 SP3
1.19.2-150300.19.1
fixed
krb5-server
suse enterprise sap 12 SP5
1.16.3-46.15.1
fixed
suse enterprise sap 15 SP5
1.20.1-150500.3.9.1
fixed
suse enterprise sap 15 SP6
1.20.1-150600.11.3.1
fixed
suse enterprise sap 15 SP7
1.20.1-150600.11.3.1
fixed
suse enterprise server 12 SP3
1.12.5-40.61.1
fixed
suse enterprise server 12 SP5
1.16.3-46.15.1
fixed
suse enterprise server 15 SP2
1.16.3-150100.3.36.1
fixed
suse enterprise server 15 SP3
1.19.2-150300.19.1
fixed
suse enterprise server 15 SP4
1.19.2-150400.3.12.1
fixed
suse enterprise server 15 SP5
1.20.1-150500.3.9.1
fixed
suse enterprise server 15 SP6
1.20.1-150600.11.3.1
fixed
suse enterprise server 15 SP7
1.20.1-150600.11.3.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
krb5-devel
RHEL 8
0:1.18.2-29.el8_10
fixed
RHEL 8.2 AUS
0:1.17-19.el8_2.1
fixed
RHEL 8.4 AUS
0:1.18.2-9.el8_4.1
fixed
RHEL 8.4 E4S
0:1.18.2-9.el8_4.1
fixed
RHEL 8.4 TUS
0:1.18.2-9.el8_4.1
fixed
RHEL 8.6 AUS
0:1.18.2-16.el8_6.1
fixed
RHEL 8.6 E4S
0:1.18.2-16.el8_6.1
fixed
RHEL 8.6 TUS
0:1.18.2-16.el8_6.1
fixed
RHEL 8.8 AUS
0:1.18.2-26.el8_8.2
fixed
RHEL 8.8 E4S
0:1.18.2-26.el8_8.2
fixed
RHEL 8.8 EUS
0:1.18.2-26.el8_8.2
fixed
RHEL 8.8 TUS
0:1.18.2-26.el8_8.2
fixed
RHEL 9
0:1.21.1-2.el9_4
fixed
krb5-libs
RHEL 8
0:1.18.2-29.el8_10
fixed
RHEL 8.2 AUS
0:1.17-19.el8_2.1
fixed
RHEL 8.4 AUS
0:1.18.2-9.el8_4.1
fixed
RHEL 8.4 E4S
0:1.18.2-9.el8_4.1
fixed
RHEL 8.4 TUS
0:1.18.2-9.el8_4.1
fixed
RHEL 8.6 AUS
0:1.18.2-16.el8_6.1
fixed
RHEL 8.6 E4S
0:1.18.2-16.el8_6.1
fixed
RHEL 8.6 TUS
0:1.18.2-16.el8_6.1
fixed
RHEL 8.8 AUS
0:1.18.2-26.el8_8.2
fixed
RHEL 8.8 E4S
0:1.18.2-26.el8_8.2
fixed
RHEL 8.8 EUS
0:1.18.2-26.el8_8.2
fixed
RHEL 8.8 TUS
0:1.18.2-26.el8_8.2
fixed
RHEL 9
0:1.21.1-2.el9_4
fixed
krb5-pkinit
RHEL 8
0:1.18.2-29.el8_10
fixed
RHEL 8.2 AUS
0:1.17-19.el8_2.1
fixed
RHEL 8.4 AUS
0:1.18.2-9.el8_4.1
fixed
RHEL 8.4 E4S
0:1.18.2-9.el8_4.1
fixed
RHEL 8.4 TUS
0:1.18.2-9.el8_4.1
fixed
RHEL 8.6 AUS
0:1.18.2-16.el8_6.1
fixed
RHEL 8.6 E4S
0:1.18.2-16.el8_6.1
fixed
RHEL 8.6 TUS
0:1.18.2-16.el8_6.1
fixed
RHEL 8.8 AUS
0:1.18.2-26.el8_8.2
fixed
RHEL 8.8 E4S
0:1.18.2-26.el8_8.2
fixed
RHEL 8.8 EUS
0:1.18.2-26.el8_8.2
fixed
RHEL 8.8 TUS
0:1.18.2-26.el8_8.2
fixed
RHEL 9
0:1.21.1-2.el9_4
fixed
krb5-server
RHEL 8
0:1.18.2-29.el8_10
fixed
RHEL 8.2 AUS
0:1.17-19.el8_2.1
fixed
RHEL 8.4 AUS
0:1.18.2-9.el8_4.1
fixed
RHEL 8.4 E4S
0:1.18.2-9.el8_4.1
fixed
RHEL 8.4 TUS
0:1.18.2-9.el8_4.1
fixed
RHEL 8.6 AUS
0:1.18.2-16.el8_6.1
fixed
RHEL 8.6 E4S
0:1.18.2-16.el8_6.1
fixed
RHEL 8.6 TUS
0:1.18.2-16.el8_6.1
fixed
RHEL 8.8 AUS
0:1.18.2-26.el8_8.2
fixed
RHEL 8.8 E4S
0:1.18.2-26.el8_8.2
fixed
RHEL 8.8 EUS
0:1.18.2-26.el8_8.2
fixed
RHEL 8.8 TUS
0:1.18.2-26.el8_8.2
fixed
RHEL 9
0:1.21.1-2.el9_4
fixed
krb5-server-ldap
RHEL 8
0:1.18.2-29.el8_10
fixed
RHEL 8.2 AUS
0:1.17-19.el8_2.1
fixed
RHEL 8.4 AUS
0:1.18.2-9.el8_4.1
fixed
RHEL 8.4 E4S
0:1.18.2-9.el8_4.1
fixed
RHEL 8.4 TUS
0:1.18.2-9.el8_4.1
fixed
RHEL 8.6 AUS
0:1.18.2-16.el8_6.1
fixed
RHEL 8.6 E4S
0:1.18.2-16.el8_6.1
fixed
RHEL 8.6 TUS
0:1.18.2-16.el8_6.1
fixed
RHEL 8.8 AUS
0:1.18.2-26.el8_8.2
fixed
RHEL 8.8 E4S
0:1.18.2-26.el8_8.2
fixed
RHEL 8.8 EUS
0:1.18.2-26.el8_8.2
fixed
RHEL 8.8 TUS
0:1.18.2-26.el8_8.2
fixed
RHEL 9
0:1.21.1-2.el9_4
fixed
krb5-workstation
RHEL 8
0:1.18.2-29.el8_10
fixed
RHEL 8.2 AUS
0:1.17-19.el8_2.1
fixed
RHEL 8.4 AUS
0:1.18.2-9.el8_4.1
fixed
RHEL 8.4 E4S
0:1.18.2-9.el8_4.1
fixed
RHEL 8.4 TUS
0:1.18.2-9.el8_4.1
fixed
RHEL 8.6 AUS
0:1.18.2-16.el8_6.1
fixed
RHEL 8.6 E4S
0:1.18.2-16.el8_6.1
fixed
RHEL 8.6 TUS
0:1.18.2-16.el8_6.1
fixed
RHEL 8.8 AUS
0:1.18.2-26.el8_8.2
fixed
RHEL 8.8 E4S
0:1.18.2-26.el8_8.2
fixed
RHEL 8.8 EUS
0:1.18.2-26.el8_8.2
fixed
RHEL 8.8 TUS
0:1.18.2-26.el8_8.2
fixed
RHEL 9
0:1.21.1-2.el9_4
fixed
libkadm5
RHEL 8
0:1.18.2-29.el8_10
fixed
RHEL 8.2 AUS
0:1.17-19.el8_2.1
fixed
RHEL 8.4 AUS
0:1.18.2-9.el8_4.1
fixed
RHEL 8.4 E4S
0:1.18.2-9.el8_4.1
fixed
RHEL 8.4 TUS
0:1.18.2-9.el8_4.1
fixed
RHEL 8.6 AUS
0:1.18.2-16.el8_6.1
fixed
RHEL 8.6 E4S
0:1.18.2-16.el8_6.1
fixed
RHEL 8.6 TUS
0:1.18.2-16.el8_6.1
fixed
RHEL 8.8 AUS
0:1.18.2-26.el8_8.2
fixed
RHEL 8.8 E4S
0:1.18.2-26.el8_8.2
fixed
RHEL 8.8 EUS
0:1.18.2-26.el8_8.2
fixed
RHEL 8.8 TUS
0:1.18.2-26.el8_8.2
fixed
RHEL 9
0:1.21.1-2.el9_4
fixed
Common Weakness Enumeration
References
https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef
https://web.mit.edu/kerberos/www/advisories/
https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef
https://security.netapp.com/advisory/ntap-20241108-0007/
https://web.mit.edu/kerberos/www/advisories/
https://cert-portal.siemens.com/productcert/html/ssa-082556.html