ГлавнаяУязвимости → CVE-2024-37371
9.1критическая

CVE-2024-37371

→ есть в БДУ: BDU:2024-07005 (на русском)
Описание (на английском; русское — в БДУ выше)

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.

Затрагиваемое ПО
Mit Kerberos 5Debian Debian linux
CVSS
Балл9.1 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Источники
https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fefhttps://web.mit.edu/kerberos/www/advisories/https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fefhttps://security.netapp.com/advisory/ntap-20241108-0009/https://security.netapp.com/advisory/ntap-20250124-0010/https://web.mit.edu/kerberos/www/advisories/https://cert-portal.siemens.com/productcert/html/ssa-082556.html