-
Notifications
You must be signed in to change notification settings - Fork 37
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* 8-30-24 cve update * ci: auto-formatting prettier issues --------- Co-authored-by: frederickjoi <[email protected]>
- Loading branch information
1 parent
7a27c3d
commit 8ab2d3b
Showing
5 changed files
with
155 additions
and
56 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
45 changes: 45 additions & 0 deletions
45
docs/docs-content/security-bulletins/reports/cve-2024-37370.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| --- | ||
| sidebar_label: "CVE-2024-37370" | ||
| title: "CVE-2024-37370" | ||
| description: "Lifecycle of CVE-2024-37370" | ||
| hide_table_of_contents: true | ||
| sidebar_class_name: "hide-from-sidebar" | ||
| toc_max_heading_level: 2 | ||
| tags: ["security", "cve"] | ||
| --- | ||
|
|
||
| ## CVE Details | ||
|
|
||
| [CVE-2024-37370](https://nvd.nist.gov/vuln/detail/CVE-2024-37370) | ||
|
|
||
| ## Last Update | ||
|
|
||
| 8/30/2024 | ||
|
|
||
| ## NIST CVE Summary | ||
|
|
||
| In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS | ||
| krb5 wrap token, causing the unwrapped token to appear truncated to the application. | ||
|
|
||
| ## Our Official Summary | ||
|
|
||
| This CVE is a message token handling issue reported on kerboros libraries. This affects krb5 packages in versions less | ||
| than 1.21.3-1. Exploitation of this flaw could cause system crashes. Risk of this specific vulnerability for spectro | ||
| cloud components is low. Working on removing/upgrading libraries to fix the issue. | ||
|
|
||
| ## CVE Severity | ||
|
|
||
| [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-37370) | ||
|
|
||
| ## Status | ||
|
|
||
| Ongoing | ||
|
|
||
| ## Affected Products & Versions | ||
|
|
||
| - Palette VerteX 4.4.14 | ||
|
|
||
| ## Revision History | ||
|
|
||
| - 1.0 08/30/2024 Initial Publication | ||
| - 2.0 08/30/2024 Added Palette VerteX 4.4.14 to Affected Products |
46 changes: 46 additions & 0 deletions
46
docs/docs-content/security-bulletins/reports/cve-2024-37371.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| --- | ||
| sidebar_label: "CVE-2024-37371" | ||
| title: "CVE-2024-37371" | ||
| description: "Lifecycle of CVE-2024-37371" | ||
| hide_table_of_contents: true | ||
| sidebar_class_name: "hide-from-sidebar" | ||
| toc_max_heading_level: 2 | ||
| tags: ["security", "cve"] | ||
| --- | ||
|
|
||
| ## CVE Details | ||
|
|
||
| [CVE-2024-37371](https://nvd.nist.gov/vuln/detail/CVE-2024-37371) | ||
|
|
||
| ## Last Update | ||
|
|
||
| 8/30/2024 | ||
|
|
||
| ## NIST CVE Summary | ||
|
|
||
| In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling | ||
| by sending message tokens with invalid length fields. | ||
|
|
||
| ## Our Official Summary | ||
|
|
||
| This CVE is a memory corruption vulnerability reported on kerboros libraries. Attackers could potentially exploit a flaw | ||
| within Kerberos' handling of GSS (Generic Security Service) message tokens to cause invalid memory reads, potentially | ||
| leading to system crashes. Risk of this specific vulnerability for spectro cloud components is low. Working on | ||
| removing/upgrading libraries to fix the issue. | ||
|
|
||
| ## CVE Severity | ||
|
|
||
| [9.1](https://nvd.nist.gov/vuln/detail/CVE-2024-37371) | ||
|
|
||
| ## Status | ||
|
|
||
| Ongoing | ||
|
|
||
| ## Affected Products & Versions | ||
|
|
||
| - Palette VerteX 4.4.14 | ||
|
|
||
| ## Revision History | ||
|
|
||
| - 1.0 08/30/2024 Initial Publication | ||
| - 2.0 08/30/2024 Added Palette VerteX 4.4.14 to Affected Products |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.