Skip to main content
Version: latest

CVE-2024-37370

CVE Details

Visit the official vulnerability details page for CVE-2024-37370 to learn more.

Initial Publication

10/26/2024

Last Update

03/18/2025

Third Party Dependency

krb5

NIST CVE Summary

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.

CVE Severity

7.5

Our Official Summary

This CVE is a message token handling issue reported on kerboros libraries. This affects krb5 packages in versions less than 1.21.3-1. Exploitation of this flaw could cause system crashes. Risk of this specific vulnerability for spectro cloud components is low. Working on removing/upgrading libraries to fix the issue.

Status

Ongoing

Affected Products & Versions

VersionPalette EnterprisePalette Enterprise AirgapVerteXVerteX Airgap
4.6.13⚠️ Impacted✅ No Impact⚠️ Impacted✅ No Impact
4.6.12⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.6.8⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.6.7⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.6.6⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.5.22⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.5.21⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.5.20⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.5.15⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.5.11⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.5.10⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.5.8⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.5.5⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.5.4⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.4.20⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted

Revision History

DateRevision
03/18/2025Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11, 4.5.15, 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7, 4.6.8 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11, 4.5.15, 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7, 4.6.8, 4.6.12
03/01/2025Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11, 4.5.15, 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11, 4.5.15, 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7, 4.6.8
02/21/2025Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11, 4.5.15, 4.5.20, 4.5.21, 4.5.22, 4.6.6 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11, 4.5.15, 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7
02/17/2025Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11, 4.5.15, 4.5.20, 4.5.21, 4.5.22 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11, 4.5.15, 4.5.20, 4.5.21, 4.5.22, 4.6.6
02/14/2025Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11, 4.5.15, 4.5.20, 4.5.21 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11, 4.5.15, 4.5.20, 4.5.21, 4.5.22
02/05/2025Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11, 4.5.15, 4.5.20 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11, 4.5.15, 4.5.20, 4.5.21
01/20/2025Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11, 4.5.15 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11, 4.5.15, 4.5.20
12/16/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11, 4.5.15
11/29/2024Advisory severity revised to HIGH from CRITICAL
11/28/2024Advisory severity revised to CRITICAL from HIGH
11/15/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11
11/15/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10
11/14/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8 to 4.5.4, 4.5.5, 4.5.8, 4.4.20
11/10/2024Impacted versions changed from 4.5.4, 4.5.5 to 4.5.4, 4.5.5, 4.5.8
10/27/2024Impacted versions changed from 4.5.4 to 4.5.4, 4.5.5