CVE-2021-37750

AST

Medium

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc…

CVSS

6.5

Medium

EPSS

0.02

p80

Published

2021-01-01

Updated

2021-01-01

Description

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.

Tags · CWE

CWE-476

Affected products

Krb5Krb5Krb5Krb5Krb5Krb5Krb5Krb5Krb5Krb5Krb5Krb5Krb5Krb5Krb5Krb5Krb5Krb5Krb5Krb5-doc

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Timeline

2021-01-01

Published

2021-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: L

Low (L)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: N

None (N)

Integrity Impact

I: N

None (N)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.022 · p80

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Product	Vendor	Status
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5-doc		Tracked

Showing first 20 of 32

Source databases

AST

DEB

CVE

RED

UBU

Related vulnerabilities

BDU:2026-01437