Published: 26/12/2022 Updated: 08/10/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

Heimdal prior to 7.7.1 allows malicious users to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.

Vulnerable Product	Search on Vulmon	Subscribe to Product
heimdal project heimdal

Debian Bug report logs - #1024187 heimdal: CVE-2022-44640 CVE-2022-42898 CVE-2022-3437 CVE-2021-44758 Package: src:heimdal; Maintainer for src:heimdal is Brian May <bam@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 15 Nov 2022 21:30:02 UTC Severity: grave Tags: security, upstream Foun ...

Several security issues were fixed in Heimdal ...

Several vulnerabilities were discovered in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos CVE-2021-3671 Joseph Sutton discovered that the Heimdal KDC does not validate that the server name in the TGS-REQ is present before dereferencing, which may result in denial of service CVE-2021-44758 It ...

CWE-476 https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580 https://security.gentoo.org/glsa/202310-06 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 https://ubuntu.com/security/notices/USN-5800-1 https://nvd.nist.gov

CVE-2021-44758

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect