{"id":"MGASA-2024-0253","summary":"Updated krb5 packages fix security vulnerabilities","details":"Before 1.21.3, an attacker can modify the plaintext Extra Count field of\na confidential GSS krb5 wrap token, causing the unwrapped token to\nappear truncated to the application. (CVE-2024-37370)\nBefore 1.21.3, an attacker can cause invalid memory reads during GSS\nmessage token handling by sending message tokens with invalid length\nfields. (CVE-2024-37371)\n","modified":"2026-04-16T00:11:29.494015344Z","published":"2024-07-03T16:36:28Z","upstream":["CVE-2024-37370","CVE-2024-37371"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0253.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33344"}],"affected":[{"package":{"name":"krb5","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/krb5?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.20.1-1.2.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0253.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}