Vulnerabilities > MIT > Kerberos 5 > 1.20
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-28 | CVE-2024-37371 | In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. | 9.1 |
| 2024-06-28 | CVE-2024-37370 | Unspecified vulnerability in MIT Kerberos 5 In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. | 7.5 |
| 2023-08-07 | CVE-2023-36054 | Access of Uninitialized Pointer vulnerability in multiple products lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. | 6.5 |
| 2022-12-25 | CVE-2022-42898 | Integer Overflow or Wraparound vulnerability in multiple products PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. | 8.8 |