Component name : kerberos
Package name: krb5
Is second-level dependency? False
Branch name: 5.0
NVD url : https://nvd.nist.gov/vuln/detail?vulnId=CVE-2024-37371
CVSS v2 score : 0.0
CVSS v3 score : 6.5
Affected Version : 1.20.2-3
Description:
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.

Component name : kerberos
Package name: krb5
Is second-level dependency? False
Branch name: 5.0
NVD url : https://nvd.nist.gov/vuln/detail?vulnId=CVE-2024-37370
CVSS v2 score : 0.0
CVSS v3 score : 7.4
Affected Version : 1.20.2-3
Description:
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.

The cause of these vulnerabilities is currently being investigated by the VMware Engineering team.
Resolved in vCenter Server 8.0 U3e.