CLSA-2026-1779461988
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1779461988.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2026-1779461988
- Upstream
- Published
- 2026-05-22T14:59:52Z
- Modified
- 2026-05-29T01:18:42.876770334Z
- Summary
- krb5: Fix of 3 CVEs
- Details
-
- CVE-2024-3596: generate and verify Message-Authenticator MACs in libkrad to mitigate the BlastRADIUS attack on the RADIUS protocol; includes follow-up fix for uninitialized pointer dereference in kradpacketdecode_request
- CVE-2024-37370: prevent modification of Extra Count field in GSS krb5 wrap token to avoid appearing truncated to application
- CVE-2024-37371: fix invalid memory reads during GSS message token handling
- References