01642 06 11 11 Arrange Call

Invalid Memory Reads in MIT Kerberos 5 (krb5) Message Token Handling

CVE-2024-37371 · CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CVE-2024-37371

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.

Learn more about our Cis Benchmark Audit For Mit Kerberos.