CVE-2021-37750

Summary

CVE	CVE-2021-37750
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-08-23 05:15:00 UTC
Updated	2023-11-07 03:37:00 UTC
Description	The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.

Risk And Classification

Problem Types: CWE-476

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Fedoraproject	Fedora	33	All	All	All
Application	Mit	Kerberos 5	All	All	All	All
Application	Oracle	Communications Cloud Native Core Network Slice Selection Function	22.1.0	All	All	All
Application	Starwindsoftware	Starwind Virtual San	v8r13	14338	All	All

References

Reference	Source	Link	Tags
CVE-2021-37750 MIT Kerberos 5 vulnerability in StarWind products	MISC	www.starwindsoftware.com
[SECURITY] [DLA 2771-1] krb5 security update	MLIST	lists.debian.org
[SECURITY] Fedora 33 Update: krb5-1.18.2-31.fc33 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
Kerberos Security Advisories	MISC	web.mit.edu
Releases · krb5/krb5 · GitHub	MISC	github.com
Fix KDC null deref on TGS inner body null server · krb5/krb5@d775c95 · GitHub	CONFIRM	github.com
CVE-2021-37750 MIT Kerberos 5 Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
[SECURITY] Fedora 33 Update: krb5-1.18.2-31.fc33 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
Oracle Critical Patch Update Advisory - July 2022	N/A	www.oracle.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159406 Oracle Enterprise Linux Security Update for krb5 (ELSA-2021-3576)
159541 Oracle Enterprise Linux Security Update for krb5 (ELSA-2021-4788)
178852 Debian Security Update for krb5 (DLA 2771-1)
180600 Debian Security Update for krb5 (CVE-2021-37750)
199244 Ubuntu Security Notification for Kerberos Vulnerabilities (USN-5959-1)
20317 Oracle Database 21c Critical Patch Update - January 2023
20318 Oracle Database 19c Critical Patch Update - January 2023
20319 Oracle Database 19c Critical OJVM Patch Update - January 2023
239649 Red Hat Update for krb5 (RHSA-2021:3576)
239903 Red Hat Update for krb5 (RHSA-2021:4788)
257133 CentOS Security Update for krb5 (CESA-2021:4788)
281836 Fedora Security Update for krb5 (FEDORA-2021-20b495cb94)
281865 Fedora Security Update for krb5 (FEDORA-2021-f2c8514f02)
296086 Oracle Solaris 11.4 Support Repository Update (SRU) 51.132.1 Missing (CPUOCT2022)
353125 Amazon Linux Security Advisory for krb5 : ALAS2-2022-1738
377262 Alibaba Cloud Linux Security Update for krb5 (ALINUX2-SA-2021:0068)
377412 Alibaba Cloud Linux Security Update for krb5 (ALINUX3-SA-2021:0068)
500277 Alpine Linux Security Update for krb5
501964 Alpine Linux Security Update for krb5
504042 Alpine Linux Security Update for krb5
591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
670820 EulerOS Security Update for krb5 (EulerOS-SA-2021-2714)
670960 EulerOS Security Update for krb5 (EulerOS-SA-2021-2689)
671029 EulerOS Security Update for krb5 (EulerOS-SA-2021-2664)
671054 EulerOS Security Update for krb5 (EulerOS-SA-2021-2637)
671234 EulerOS Security Update for krb5 (EulerOS-SA-2022-1172)
730371 McAfee Web Gateway Multiple Vulnerabilities (WP-3335,WP-4131,WP-4159,WP-4237,WP-4259,WP-4329,WP-4348,WP-4355,WP-4376,WP-4407,WP-4421)
751249 OpenSUSE Security Update for krb5 (openSUSE-SU-2021:3454-1)
751297 OpenSUSE Security Update for krb5 (openSUSE-SU-2021:1411-1)
752841 SUSE Enterprise Linux Security Update for krb5 (SUSE-SU-2022:4154-1)
900435 Common Base Linux Mariner (CBL-Mariner) Security Update for krb5 (5995)
901521 Common Base Linux Mariner (CBL-Mariner) Security Update for krb5 (6608)
902338 Common Base Linux Mariner (CBL-Mariner) Security Update for krb5 (6608-1)
940422 AlmaLinux Security Update for krb5 (ALSA-2021:3576)
960057 Rocky Linux Security Update for krb5 (RLSA-2021:3576)