
CVE-2021-37750

Published: 23/08/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 357
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Summary

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) prior to 1.18.5 and 1.19.x prior to 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.

Vulnerable Product

mit kerberos 5

fedoraproject fedora 33

debian debian linux 9.0

starwindsoftware starwind virtual san v8r13

oracle communications cloud native core network slice selection function 22.1.0

Vendor Advisories

Debian Bug report logs - #992607: CVE-2021-37750 in krb5: NULL dereference in authenticated FAST TGS request. Package: krb5-kdc; Maintainer for krb5-kdc is Sam Hartman <hartmans@debian.org>; Source for krb5-kdc is src:krb5. Reported by: Benjamin Kaduk <kaduk@mit.edu>. Date: Sat, 21 Aug 2021 02:54:01 ...
Synopsis: Important: Red Hat OpenShift GitOps security update. Type/Severity: Security Advisory: Important. Topic: An update for openshift-gitops-applicationset-container, openshift-gitops-container, openshift-gitops-kam-delivery-container, and openshift-gitops-operator-container is now available for Red Hat OpenShift GitOps 1.2 (GitOps v1.2.2). Re ...
Synopsis: Moderate: OpenShift Container Platform 4.10.3 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4.10.3 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of ...
Synopsis: Important: Service Telemetry Framework 1.4 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Service Telemetry Framework 1.4 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which g ...
A flaw was found in krb5. The Key Distribution Center (KDC) in MIT Kerberos 5 has a NULL pointer dereference via a FAST inner body that lacks a server field. An authenticated attacker could use this flaw to crash the Kerberos KDC server. The highest threat from this vulnerability is to system availability. (CVE-2021-37750) ...
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field ...
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field ...