CVE-2021-44758 — NULL Pointer Dereference in Project Heimdal

CWE-476 — NULL Pointer Dereference8 documents7 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 42.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Heimdal Project Heimdal

Timeline

PublishedDec 26

Latest updateJan 12

Description

Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDheimdal_project/heimdal< 7.7.1

▶Debianheimdal_project/heimdal< 7.7.0+dfsg-2+deb11u2+3

▶Ubuntuheimdal_project/heimdal< 7.5.0+dfsg-1ubuntu0.3+3

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

heimdal vulnerabilities↗2023-01-12

▶

CVEList

CVE-2021-44758: Heimdal before 7↗2022-12-26

▶

OSV

CVE-2021-44758: Heimdal before 7↗2022-12-26

▶

📋Vendor Advisories

Ubuntu

Heimdal vulnerabilities↗2023-01-12

▶

Microsoft

Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.↗2022-12-13

▶

BSD

FreeBSD-SA-22:14.heimdal: Multiple vulnerabilities in Heimdal [REVISED]↗2022-11-15

▶

Debian

CVE-2021-44758: heimdal - Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a S...↗2021

▶