CVE
CVE-2024-37370
| CVE ID |
CVE-2024-37370
|
|---|---|
| CVSS Score |
7.5
|
| Operating System | |
| Affected Versions |
CentOS 7
|
| Patched Versions |
1.15.1-55_ol001.el7
|
| Patch Date |
|
Additional Information
NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2024-37370
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.