CVE-2021-44758

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-44758
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-44758.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-44758
Downstream
Related
Published
2022-12-26T05:15:10.503Z
Modified
2026-03-13T22:01:00.837280Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferredmechtype of GSSCNOOID and a nonzero initialresponse value to send_accept.

References

Affected packages

Git / github.com/heimdal/heimdal

Affected ranges

Type
GIT
Repo
https://github.com/heimdal/heimdal
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
78077c39e355766221383ee48c8b9be0459a82a4
Fixed
f9ec7002cdd526ae84fbacbf153162e118f22580
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "7.7.1"
        }
    ]
}

Affected versions

Other
git2svn-syncpoint-master
switch-from-svn-to-git
heimdal-1.*
heimdal-1.3.0pre1
heimdal-1.3.0pre10
heimdal-1.3.0pre11
heimdal-1.3.0pre3
heimdal-1.3.0pre4
heimdal-1.3.0pre5
heimdal-1.3.0pre6
heimdal-1.3.0pre7
heimdal-1.3.0pre8
heimdal-1.3.0pre9
heimdal-1.3.0rc1
heimdal-1.5pre1
heimdal-1.5pre2
heimdal-7.*
heimdal-7.0.1
heimdal-7.0.2
heimdal-7.0.3
heimdal-7.1.0
heimdal-7.1rc1
heimdal-7.2.0
heimdal-7.3.0
heimdal-7.4.0
heimdal-7.5.0
heimdal-7.6.0
heimdal-7.7.0
upstream-1.*
upstream-1.4.0+git20101228.dfsg.1
upstream-1.4.0+git20110220.dfsg.1

Database specific

vanir_signatures 
[
    {
        "deprecated": false,
        "id": "CVE-2021-44758-7e74d481",
        "target": {
            "file": "include/bits.c"
        },
        "digest": {
            "line_hashes": [
                "185684756605390238103334007784352789624",
                "7131579695216385856922531758292910060",
                "96067565823201056646313325968740529266",
                "307324062224806380958204996069287421659"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/heimdal/heimdal/commit/78077c39e355766221383ee48c8b9be0459a82a4"
    },
    {
        "deprecated": false,
        "id": "CVE-2021-44758-a26911ab",
        "target": {
            "file": "lib/gssapi/spnego/accept_sec_context.c",
            "function": "acceptor_start"
        },
        "digest": {
            "function_hash": "75009401605604428884869299509859106623",
            "length": 3377.0
        },
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580"
    },
    {
        "deprecated": false,
        "id": "CVE-2021-44758-f1b5692f",
        "target": {
            "file": "lib/gssapi/spnego/accept_sec_context.c"
        },
        "digest": {
            "line_hashes": [
                "45393349319744962591727203327221467953",
                "25280937737562830750566835800286108024",
                "153095941575990750829901905980521923428",
                "337176227554821689295132016149127315569",
                "63597633016827585803544191842761081969",
                "80600011795866330910095409055721722911",
                "72295294317900148266331035536951006201",
                "102849322017619820316843476505270340749",
                "324771178622222051680429555791249523936"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580"
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-44758.json"