CVE-2021-37750

Name: CVE-2021-37750
Creator: NVD / NIST
Published: 2021-08-23T05:15:08.063+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.5/10EPSS 2.17%

Last modified Jun 17, 2026

CVE-2021-37750 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.. EPSS estimates a 2.17% chance of exploitation in the next 30 days.

Description

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.

Metrics

CVSS 3.1

6.5/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

2.17%

79.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-476

Affected Software

Vendor	Product	Versions	Update
Mit	Kerberos 5	< 1.18.5	—
Mit	Kerberos 5	>= 1.19.0, < 1.19.3	—
Fedoraproject	Fedora	33	—
Debian	Debian Linux	9.0	—
Starwindsoftware	Starwind Virtual San	v8r13	14338
Oracle	Communications Cloud Native Core Network Slice Selection Function	22.1.0	—

References

https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49Patch, Third Party Advisory
https://github.com/krb5/krb5/releasesRelease Notes, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/09/msg00019.htmlMailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MFCLW7D46E4VCREKKH453T5DA4XOLHU2/
https://security.netapp.com/advisory/ntap-20210923-0002/Third Party Advisory
https://web.mit.edu/kerberos/advisories/Vendor Advisory
https://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
https://www.starwindsoftware.com/security/sw-20220817-0004/Third Party Advisory
https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49Patch, Third Party Advisory
https://github.com/krb5/krb5/releasesRelease Notes, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/09/msg00019.htmlMailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MFCLW7D46E4VCREKKH453T5DA4XOLHU2/
https://security.netapp.com/advisory/ntap-20210923-0002/Third Party Advisory
https://web.mit.edu/kerberos/advisories/Vendor Advisory
https://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
https://www.starwindsoftware.com/security/sw-20220817-0004/Third Party Advisory

Timeline

Published: Aug 23, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-37750?

How severe is CVE-2021-37750?

CVE-2021-37750 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 2.17% probability of exploitation in the next 30 days.

How do I fix CVE-2021-37750?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-37750?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST