CVE-2021-37750

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/dotgsreq.c via a FAST inner body that lacks a server field.

References

Affected packages

Git / github.com/krb5/krb5

Affected ranges

Type: GIT
Repo: https://github.com/krb5/krb5
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d775c95af7606a51bf79547a94fa52ddd1cb7f49

Database specific

vanir_signatures

[
    {
        "id": "CVE-2021-37750-6610d9b5",
        "target": {
            "function": "process_tgs_req",
            "file": "src/kdc/do_tgs_req.c"
        },
        "digest": {
            "length": 14255.0,
            "function_hash": "256313135997629940279080382534511192649"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2021-37750-d4305430",
        "target": {
            "file": "src/kdc/do_tgs_req.c"
        },
        "digest": {
            "line_hashes": [
                "85759854495363053129708329220649920226",
                "106951285823959472315379620424094599901",
                "35353251504946687087079113116870528593",
                "137141899296435357137104491440352983080"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49",
        "signature_type": "Line"
    }
]