CVE-2024-37370
CVE Details
Visit the official vulnerability details page for CVE-2024-37370 to learn more.
Initial Publication
10/25/2024
Last Update
09/02/2025
Third Party Dependency
krb5
NIST CVE Summary
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.
CVE Severity
Our Official Summary
This CVE is a message token handling issue reported on kerboros libraries. This affects krb5 packages in versions less than 1.21.3-1. Exploitation of this flaw could cause system crashes. Risk of this specific vulnerability for spectro cloud components is low. Working on removing/upgrading libraries to fix the issue.
Status
Ongoing
Affected Products & Versions
| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---|---|---|---|---|
| 4.7.16 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
| 4.6.41 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
| 4.5.22 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
| 4.4.20 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
Revision History
No revisions available.