CVE-2021-3671

A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.

References

Affected packages

Git / github.com/heimdal/heimdal

Affected ranges

Type
Repo: https://github.com/heimdal/heimdal
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

04171147948d0a3636bc6374181926f0fb2ec83a

Type

GIT

Repo

https://github.com/samba-team/samba

Events

Introduced

Fixed

aa756f3f9fc88bbd10c6a3a7c1827ca09a669714

Introduced

9b49519cae3e967af9ea48dc5fcfb6c145e31db4

Fixed

d1c9330fa69ba6942ab23843e21acc11767d54ee

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.13.12"
        },
        {
            "introduced": "4.14.0"
        },
        {
            "fixed": "4.14.8"
        }
    ]
}

Affected versions

ldb-2.*

ldb-2.3.0

samba-4.*

samba-4.14.0

samba-4.14.1

samba-4.14.2

samba-4.14.3

samba-4.14.4

samba-4.14.5

samba-4.14.6

samba-4.14.7

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.0"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3671.json"