Vulnerability CVE-2021-37750: Information
Description
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| krb5 | sisyphus | 1.19.3-alt1 | 1.21.2-alt2 | ALT-PU-2022-1486-1 | 296671 | Fixed |
| krb5 | sisyphus_e2k | 1.19.3-alt1 | 1.21.2-alt2 | ALT-PU-2022-4360-1 | - | Fixed |
| krb5 | sisyphus_riscv64 | 1.19.3-alt1 | 1.21.2-alt2 | ALT-PU-2022-4282-1 | - | Fixed |
| krb5 | p10 | 1.19.3-alt1 | 1.19.4-alt3 | ALT-PU-2022-1513-1 | 296676 | Fixed |
| krb5 | p10_e2k | 1.19.3-alt1 | 1.19.4-alt3 | ALT-PU-2022-4333-1 | - | Fixed |
| krb5 | p9 | 1.17.2-alt3 | 1.17.2-alt5 | ALT-PU-2022-1532-1 | 296674 | Fixed |
| krb5 | p9_e2k | 1.17.2-alt3 | 1.17.2-alt5 | ALT-PU-2022-4733-1 | - | Fixed |
| krb5 | c10f1 | 1.19.3-alt1 | 1.19.4-alt3 | ALT-PU-2022-1513-1 | 296676 | Fixed |
| krb5 | c9f2 | 1.17.2-alt3 | 1.17.2-alt5 | ALT-PU-2022-1505-1 | 296681 | Fixed |
| krb5 | p11 | 1.19.3-alt1 | 1.21.2-alt2 | ALT-PU-2022-1486-1 | 296671 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| https://github.com/krb5/krb5/releases |
|
| https://web.mit.edu/kerberos/advisories/ |
|
| https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49 |
|
| https://security.netapp.com/advisory/ntap-20210923-0002/ |
|
| [debian-lts-announce] 20210930 [SECURITY] [DLA 2771-1] krb5 security update |
|
| N/A |
|
| https://www.starwindsoftware.com/security/sw-20220817-0004/ |
|
| FEDORA-2021-f2c8514f02 |