{"id":"CVE-2021-37750","details":"The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.","modified":"2026-05-19T04:02:27.732694547Z","published":"2021-08-23T05:15:08.063Z","related":["SUSE-SU-2021:3454-1","SUSE-SU-2021:3454-2","SUSE-SU-2022:4154-1","SUSE-SU-2024:1702-1","openSUSE-SU-2021:1411-1","openSUSE-SU-2021:3454-1","openSUSE-SU-2024:10899-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","cpes":["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"vendor_product":"debian:debian_linux","extracted_events":[{"last_affected":"9.0"}]},{"source":"CPE_FIELD","cpes":["cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"],"vendor_product":"fedoraproject:fedora","extracted_events":[{"last_affected":"33"}]},{"cpes":["cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"mit:kerberos_5","extracted_events":[{"fixed":"1.18.5"}]},{"source":"CPE_FIELD","cpes":["cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*"],"vendor_product":"oracle:communications_cloud_native_core_network_slice_selection_function","extracted_events":[{"last_affected":"22.1.0"}]},{"source":"CPE_FIELD","cpes":["cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14338:*:*:*:*:*:*"],"vendor_product":"starwindsoftware:starwind_virtual_san","extracted_events":[{"last_affected":"v8r13-14338"}]}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MFCLW7D46E4VCREKKH453T5DA4XOLHU2/"},{"type":"ADVISORY","url":"https://github.com/krb5/krb5/releases"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210923-0002/"},{"type":"ADVISORY","url":"https://web.mit.edu/kerberos/advisories/"},{"type":"ADVISORY","url":"https://www.starwindsoftware.com/security/sw-20220817-0004/"},{"type":"FIX","url":"https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujul2022.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/krb5/krb5","events":[{"introduced":"0"},{"fixed":"78e00c57d8aea567ab435fe802b730029fded242"},{"fixed":"f886ccde056f3e8ad4c1fb35cb9f4a7d7f1c1d5c"},{"fixed":"d775c95af7606a51bf79547a94fa52ddd1cb7f49"}],"database_specific":{"source":["CPE_FIELD","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"1.18.5"},{"introduced":"1.19.0"},{"fixed":"1.19.3"}],"cpe":"cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*"}}],"versions":["krb5-1.19.2-final","krb5-1.18.4-final","krb5-1.19.1-final","krb5-1.19-final","krb5-1.19-beta2","krb5-1.19-beta1","krb5-1.18.3-final","krb5-1.18.2-final","krb5-1.18.1-final","krb5-1.18-final","krb5-1.18-beta2","krb5-1.18-beta1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-37750.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}