Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.
References
Link | Resource |
---|---|
https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580 | Patch Third Party Advisory |
https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv | Third Party Advisory |
https://security.gentoo.org/glsa/202310-06 |
Configurations
History
08 Oct 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Jan 2023, 02:50
Type | Values Removed | Values Added |
---|---|---|
First Time |
Heimdal Project
Heimdal Project heimdal |
|
CWE | CWE-476 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:* | |
References | (CONFIRM) https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv - Third Party Advisory |
26 Dec 2022, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-26 05:15
Updated : 2023-12-10 14:48
NVD link : CVE-2021-44758
Mitre link : CVE-2021-44758
CVE.ORG link : CVE-2021-44758
JSON object : View
Products Affected
heimdal_project
- heimdal
CWE
CWE-476
NULL Pointer Dereference