CVE-2021-3671

Published: 12/10/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 357
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Summary

A null pointer dereference was found in the way the Samba Kerberos server handled a missing sname in a TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the Samba server.

Vulnerable Product

samba samba

debian debian linux 10.0

debian debian linux 11.0

netapp ontap select deploy administration utility -

netapp management services for element software -

netapp management services for netapp hci -

Vendor Advisories

Debian Bug report logs - #996586 heimdal: CVE-2021-3671. Package: src:heimdal; Maintainer for src:heimdal is Brian May <bam@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 15 Oct 2021 19:51:02 UTC; Severity: grave; Tags: security, upstream; Found in versions heimdal/770+dfsg-2, heimdal/7 ...
Several security issues were fixed in Heimdal ...
Several vulnerabilities were discovered in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos. CVE-2021-3671: Joseph Sutton discovered that the Heimdal KDC does not validate that the server name in the TGS-REQ is present before dereferencing, which may result in denial of service. CVE-2021-44758: It ...
In Samba before version 4150, an unauthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ ...