Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-44758: NULL dereference DoS in SPNEGO acceptors

Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.

CVE
#vulnerability#dos#git

Package

heimdal

Affected versions

<7.7.1

Patched versions

7.7.1, 7.8

Description

Impact

This is a denial of service vulnerability affecting server applications that use SPNEGO.

Patches

Users should upgrade to Heimdal 7.7.1 or Heimdal 7.8.

Workarounds

Disable SPNEGO in the application.

For more information

If you have any questions or comments about this advisory:

  • Open an issue in [example link to repo](https://github.com/heimdal/heimdal/issues)
  • Email us at [email protected]

Severity

Low

0.0

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

None

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

CVE ID

CVE-2021-44758

Weaknesses

No CWEs

Related news

Gentoo Linux Security Advisory 202310-06

Gentoo Linux Security Advisory 202310-6 - Multiple vulnerabilities have been discovered in Heimdal, the worst of which could lead to remote code execution on a KDC. Versions greater than or equal to 7.8.0-r1 are affected.

Ubuntu Security Notice USN-5800-1

Ubuntu Security Notice 5800-1 - It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A remote attacker could possibly use this issue to cause a denial of service. Evgeny Legerov discovered that Heimdal incorrectly handled memory when performing certain DES decryption operations. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]

Debian Security Advisory 5287-1

Debian Linux Security Advisory 5287-1 - Several vulnerabilities were discovered in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907