This vulnerability affects MIT Kerberos 5 (krb5) versions prior to 1.21.3. An attacker can alter the plaintext Extra Count field in a confidential GSS krb5 wrap token, which leads to the application receiving a truncated version of the unwrapped token. The issue relates to improper handling of token integrity, classified under CWE-345 (Insufficient Verification of Data Authenticity). The CVSS 3.1 score of 7.5 reflects a high severity due to the potential confidentiality impact without requiring privileges or user interaction. No known exploits are reported in the wild, and no patch or official remediation information is currently provided.

The vulnerability allows an attacker to modify the Extra Count field of a confidential GSS krb5 wrap token, causing the token to appear truncated when unwrapped by the application. This impacts the confidentiality of the token data. There is no indication of impact on integrity or availability. No known exploits have been reported in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is provided, users should monitor for updates from the MIT Kerberos project. Avoid relying on vulnerable versions prior to 1.21.3 if possible until a fix is confirmed.