CVE-2017-6594 — Improper Certificate Validation in Project Heimdal

CWE-295 — Improper Certificate Validation5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 51.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Heimdal Project Heimdal Opensuse Leap

Timeline

PublishedAug 28

Latest updateMay 13

Description

The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶Debianheimdal_project/heimdal< 7.1.0+dfsg-12+3

▶NVDheimdal_project/heimdal7.2.0

▶NVDopensuse/leap42.2, 42.3+1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-jg5g-qq45-3g4q: The transit path validation code in Heimdal before 7↗2022-05-13

▶

CVEList

CVE-2017-6594: The transit path validation code in Heimdal before 7↗2017-08-28

▶

OSV

CVE-2017-6594: The transit path validation code in Heimdal before 7↗2017-08-28

▶

📋Vendor Advisories

Debian

CVE-2017-6594: heimdal - The transit path validation code in Heimdal before 7.3 might allow attackers to ...↗2017

▶