Skip to main content
Version: latest

CVE-2024-37370

CVE Details

Visit the official vulnerability details page for CVE-2024-37370 to learn more.

Initial Publication

10/25/2024

Last Update

09/02/2025

Third Party Dependency

krb5

NIST CVE Summary

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.

CVE Severity

7.5

Our Official Summary

This CVE is a message token handling issue reported on kerboros libraries. This affects krb5 packages in versions less than 1.21.3-1. Exploitation of this flaw could cause system crashes. Risk of this specific vulnerability for spectro cloud components is low. Working on removing/upgrading libraries to fix the issue.

Status

Ongoing

Affected Products & Versions

VersionPalette EnterprisePalette Enterprise AirgapVerteXVerteX Airgap
4.7.16⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.6.41⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.5.22⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.4.20⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted

Revision History

No revisions available.