CVE-2024-37371
CVE Details
Last Update
8/30/2024
NIST CVE Summary
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
Our Official Summary
This CVE is a memory corruption vulnerability reported in the Kerberos libraries. Attackers could exploit a flaw in Kerberos' handling of GSS (Generic Security Service) message tokens to cause invalid memory reads, potentially leading to system crashes. The risk of this vulnerability for Spectro Cloud components is low. We are working on removing or upgrading the affected libraries to fix the issue.
CVE Severity
Status
Ongoing
Affected Products & Versions
- Palette VerteX 4.4.14
Revision History
- 1.0 08/30/2024 Initial Publication
- 2.0 08/30/2024 Added Palette VerteX 4.4.14 to Affected Products