Unrated severityNVD Advisory· Published Dec 26, 2022· Updated Apr 14, 2025

CVE-2021-44758

Description

Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.

Affected products

Heimdal/Heimdaldescription
osv-coords4 versions
pkg:rpm/opensuse/libheimdal&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/libheimdal&distro=openSUSE%20Leap%2015.4 pkg:rpm/suse/libheimdal&distro=SUSE%20Package%20Hub%2015%20SP3 pkg:rpm/suse/libheimdal&distro=SUSE%20Package%20Hub%2015%20SP4
< 7.8.0-bp153.2.4.1+ 3 more
- (no CPE)range: < 7.8.0-bp153.2.4.1
- (no CPE)range: < 7.8.0-bp154.2.4.1
- (no CPE)range: < 7.8.0-bp153.2.4.1
- (no CPE)range: < 7.8.0-bp154.2.4.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580mitre
github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xvmitre
security.gentoo.org/glsa/202310-06mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000