Vulnerability Details : CVE-2021-37750

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.

Vulnerability category: Memory Corruption

Published 2021-08-23 05:15:08

Updated 2022-10-25 16:57:33

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2021-37750

Probability of exploitation activity in the next 30 days: 0.27%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 64 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-37750

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:N/A:P	8.0	2.9	nvd@nist.gov
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	2.8	3.6	nvd@nist.gov
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2021-37750

CWE-476 NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-37750

https://github.com/krb5/krb5/releases

Releases · krb5/krb5 · GitHub
Release Notes;Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html

[SECURITY] [DLA 2771-1] krb5 security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MFCLW7D46E4VCREKKH453T5DA4XOLHU2/

[SECURITY] Fedora 33 Update: krb5-1.18.2-31.fc33 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://security.netapp.com/advisory/ntap-20210923-0002/

CVE-2021-37750 MIT Kerberos 5 Vulnerability in NetApp Products | NetApp Product Security
Third Party Advisory
https://www.starwindsoftware.com/security/sw-20220817-0004/

CVE-2021-37750 MIT Kerberos 5 vulnerability in StarWind products
Third Party Advisory
https://web.mit.edu/kerberos/advisories/

Kerberos Security Advisories
Vendor Advisory

CVEs referencing this url
https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49

Fix KDC null deref on TGS inner body null server · krb5/krb5@d775c95 · GitHub
Patch;Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html

Oracle Critical Patch Update Advisory - July 2022
Patch;Third Party Advisory

CVEs referencing this url

Products affected by CVE-2021-37750

Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
MIT » Kerberos 5
Versions from including (>=) 1.19.0 and before (<) 1.19.3
cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
Matching versions
MIT » Kerberos 5
Versions before (<) 1.18.5
cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Cloud Native Core Network Slice Selection Function » Version: 22.1.0
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 33
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
Matching versions
Starwindsoftware » Starwind Virtual San » Version: V8r13 Update 14338
cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14338:*:*:*:*:*:*
Matching versions