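In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. Releases 1.21.3 and later are not affected. The signatures below all reference upstream commit 55fbf435edbe2e92dd8101669b1ce7144bc96fef. Those targeting files under src/lib/gssapi/krb5/ cover the library's token-unsealing code, while those targeting src/tests/gssapi/t_invalid.c cover test code only, so a match on the test file alone should not by itself be treated as evidence of an affected library build.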
[
{
"source": "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef",
"target": {
"function": "make_token",
"file": "src/tests/gssapi/t_invalid.c"
},
"deprecated": false,
"id": "CVE-2024-37370-1df7c73c",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"length": 454.0,
"function_hash": "181288490691551539276030950384381900325"
}
},
{
"source": "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef",
"target": {
"file": "src/lib/gssapi/krb5/k5sealv3.c"
},
"deprecated": false,
"id": "CVE-2024-37370-32c65a70",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"249506129078718211803429264891256381134",
"288149586519997172688793957007570430812",
"240646770775722692739035560481597382058",
"303900088052997634529903035635480983292",
"338126685936456179893363646948398891700",
"54487801512522521148961176327611494675",
"108745466256977167880621123289301581934"
]
}
},
{
"source": "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef",
"target": {
"function": "gss_krb5int_unseal_token_v3",
"file": "src/lib/gssapi/krb5/k5sealv3.c"
},
"deprecated": false,
"id": "CVE-2024-37370-3f07a7bd",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"length": 4337.0,
"function_hash": "98293196971926310410761654759985255839"
}
},
{
"source": "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef",
"target": {
"function": "kg_unseal_iov_token",
"file": "src/lib/gssapi/krb5/k5unsealiov.c"
},
"deprecated": false,
"id": "CVE-2024-37370-41104b48",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"length": 1693.0,
"function_hash": "303351386319676587296194179357777809979"
}
},
{
"source": "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef",
"target": {
"function": "make_fake_context",
"file": "src/tests/gssapi/t_invalid.c"
},
"deprecated": false,
"id": "CVE-2024-37370-5c771456",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"length": 954.0,
"function_hash": "140177844166912038852243412243705372883"
}
},
{
"source": "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef",
"target": {
"file": "src/lib/gssapi/krb5/k5sealv3iov.c"
},
"deprecated": false,
"id": "CVE-2024-37370-7d836a9b",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"230425656155783130342333519260053525979",
"229344041728628893963599055128908416781",
"253458744637640492840184618760152751593",
"27574026631851263555301678032649503933",
"163608176491538825945561015738662347868",
"247119585514961648511300436561989594849",
"278020424269055034555322742033740408648"
]
}
},
{
"source": "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef",
"target": {
"function": "make_fake_cfx_context",
"file": "src/tests/gssapi/t_invalid.c"
},
"deprecated": false,
"id": "CVE-2024-37370-ad93d025",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"length": 711.0,
"function_hash": "220604563734506325727267498493098391188"
}
},
{
"source": "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef",
"target": {
"function": "main",
"file": "src/tests/gssapi/t_invalid.c"
},
"deprecated": false,
"id": "CVE-2024-37370-ada3136f",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"length": 422.0,
"function_hash": "289612554992914395914056291750669305271"
}
},
{
"source": "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef",
"target": {
"function": "gss_krb5int_unseal_v3_iov",
"file": "src/lib/gssapi/krb5/k5sealv3iov.c"
},
"deprecated": false,
"id": "CVE-2024-37370-b8dd53d5",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"length": 3741.0,
"function_hash": "195348772871666817748336395484823275086"
}
},
{
"source": "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef",
"target": {
"function": "try_accept",
"file": "src/tests/gssapi/t_invalid.c"
},
"deprecated": false,
"id": "CVE-2024-37370-dff4f89b",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"length": 504.0,
"function_hash": "138180890806099684658054031274090919201"
}
},
{
"source": "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef",
"target": {
"file": "src/lib/gssapi/krb5/k5unsealiov.c"
},
"deprecated": false,
"id": "CVE-2024-37370-e203cdf1",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"233632372815735821944452845218895474531",
"262355901222310656430491832498492947441",
"268895778251236432784648419410582503983",
"242461635590865998631206143405748904830",
"136801142089113954101277361283389620689",
"189321458024708033060279185243566343885",
"290457867488243979744144828237846139487",
"39653275422146381986640722615307140275",
"185110370425662329074055136086264140266",
"189654905727076676654792769577175054552",
"136186376754499126779963917652247664150",
"223645431530016318804164688796263486347",
"49992899863462079845897870321928455409",
"165526590684903766152291801862009571920",
"116800409787590243855009395891408830996",
"41793673749647707537679796596010563700",
"242286896785079614426167607149757882771",
"225704161944435927268696388495845123748",
"141669129805271476436645833121972852721",
"54944304351176642967641798106546604205",
"284634114269162632948060880050218330222",
"76660648972109655373638037035437315060",
"287018580442253345217872547137936767094",
"304142749247190506366625925409835191535"
]
}
},
{
"source": "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef",
"target": {
"file": "src/tests/gssapi/t_invalid.c"
},
"deprecated": false,
"id": "CVE-2024-37370-fd1182da",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"46081912875478378167730162008287322351",
"149464097080068881471347518859610212764",
"35892351460835453544008038688602856515",
"54193177529587539228755428234936348740",
"164919141884014013814068777599774886015",
"120496654672254995287920120158482526705",
"126554600910143298594949515314786008045",
"333585463244526508338891052561915148049",
"256958163279390832948676018252331667586",
"262422870513302958039067222912526722592",
"61211325234348376708953122507925163417",
"299171055584048307906145994035865535193",
"336778840970254188031917970539975140587",
"166905904496776334174792100394807230944",
"111540463162605207689684621130918551539",
"207989100659469986248173380551508280264",
"97565035193547563755299054306486660559",
"69705857514109298907482687201353136595",
"250515738642808039124425234233033315531",
"25261943639470381576433545951373342846",
"155968463102505524668649792799427011221",
"226717774503492914134307443293630104298",
"119746595982831932772533352709249224472",
"196023733304730656852142114701616683193",
"333585463244526508338891052561915148049",
"256958163279390832948676018252331667586",
"262422870513302958039067222912526722592",
"61211325234348376708953122507925163417",
"336309751092384052925872768691007552095",
"15965313950902173205363818520986908205",
"230696040828335200846382527277056168876",
"320698243185774739555952786486669431219",
"155968463102505524668649792799427011221",
"226717774503492914134307443293630104298",
"119746595982831932772533352709249224472",
"196023733304730656852142114701616683193",
"42243522612720981631743587746788479498",
"307693904798826635995673740120516367504",
"238104374601084847629065065964754142982",
"297261495332378516068495605326068638926",
"33800677824973969342210146568669583464",
"293733998953732843216992635301307589459",
"65091210993800138874533158244793717783",
"245127060547121105878227485765971721395",
"23787540765483663146986435862528184311",
"231102783850306336970285948930938627737",
"307723069298870506556379174009256423268",
"282595538099047009400025529636777782070",
"296206049940099696660706586968381551308",
"174176388500282705820751983962690765736",
"260808767835095792348025919998486224897",
"172593446264879008148516919958583180417",
"254639008005813116174205609668589472439",
"34645225354467353828647583503494433",
"322226675994480185991064709950238932153",
"299134670706231447773652766012690091836",
"53168281897773373193406564668365842996",
"103977377026834181519666834105319338038",
"238721725913302095997120732506934052516",
"165575549363718143018069936434504485186",
"23647356369235017987347520688540098274",
"220262945418189216628434421934641596489"
]
}
}
]