Vulnerabilities > MIT > Kerberos 5 > 1.21.1

DATE CVE VULNERABILITY TITLE RISK
2024-06-28 CVE-2024-37371 In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
network
low complexity
mit debian
critical
 9.1
9.1
2024-06-28 CVE-2024-37370 Unspecified vulnerability in MIT Kerberos 5
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.
network
low complexity
mit
7.5
7.5
2023-08-16 CVE-2023-39975 Double Free vulnerability in MIT Kerberos 5 1.21/1.21.1
kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure.
network
low complexity
mit CWE-415
8.8
8.8