CVE-2017-17439
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-17439
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-17439.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-17439
- Related
- Published
- 2017-12-06T15:29:00Z
- Modified
- 2024-09-18T02:47:15.840304Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the kdcasrep function in kdc/kerberos5.c and the derlengthvisiblestring function in lib/asn1/der_length.c.
- References
-
- http://h5l.org/advisories.html?show=2017-12-08
- https://www.debian.org/security/2017/dsa-4055
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144
- https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887
- https://github.com/heimdal/heimdal/issues/353
- http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html
- http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html
- https://security.alpinelinux.org/vuln/CVE-2017-17439
- https://security-tracker.debian.org/tracker/CVE-2017-17439
Affected packages
Alpine:v3.10 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.11 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.12 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.13 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.14 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.15 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.16 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.17 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.18 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.19 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.20 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.6 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.1.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
Alpine:v3.7 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.8 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.9 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Debian:11 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:deb/debian/heimdal?arch=source
Debian:12 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:deb/debian/heimdal?arch=source
Debian:13 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:deb/debian/heimdal?arch=source
Git / github.com/heimdal/heimdal
Affected ranges
- Type
- GIT
- Repo
- https://github.com/heimdal/heimdal
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
git2svn-syncpoint-master
switch-from-svn-to-git
heimdal-1.*
heimdal-1.3.0pre1
heimdal-1.3.0pre10
heimdal-1.3.0pre11
heimdal-1.3.0pre3
heimdal-1.3.0pre4
heimdal-1.3.0pre5
heimdal-1.3.0pre6
heimdal-1.3.0pre7
heimdal-1.3.0pre8
heimdal-1.3.0pre9
heimdal-1.3.0rc1
heimdal-1.5pre1
heimdal-1.5pre2
upstream-1.*
upstream-1.4.0+git20101228.dfsg.1
upstream-1.4.0+git20110220.dfsg.1