CVE-2024-37370

ADVISORY - nist

Summary

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.

EPSS Score⁠: 0.0009 (0.266)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-345⁠

Insufficient Verification of Data Authenticity

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.