CVE-2021-44758

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-44758
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-44758.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-44758
Downstream
Related
Published
2022-12-26T05:15:10Z
Modified
2025-10-21T06:39:59.342306Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferredmechtype of GSSCNOOID and a nonzero initialresponse value to send_accept.

References

Affected packages

Git / github.com/heimdal/heimdal

Affected ranges

Type
GIT
Repo
https://github.com/heimdal/heimdal
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f9ec7002cdd526ae84fbacbf153162e118f22580

Affected versions

Other

git2svn-syncpoint-master
switch-from-svn-to-git

heimdal-1.*

heimdal-1.3.0pre1
heimdal-1.3.0pre10
heimdal-1.3.0pre11
heimdal-1.3.0pre3
heimdal-1.3.0pre4
heimdal-1.3.0pre5
heimdal-1.3.0pre6
heimdal-1.3.0pre7
heimdal-1.3.0pre8
heimdal-1.3.0pre9
heimdal-1.3.0rc1
heimdal-1.5pre1
heimdal-1.5pre2

heimdal-7.*

heimdal-7.0.1
heimdal-7.0.2
heimdal-7.0.3
heimdal-7.1.0
heimdal-7.1rc1
heimdal-7.2.0
heimdal-7.3.0
heimdal-7.4.0
heimdal-7.5.0
heimdal-7.6.0
heimdal-7.7.0

upstream-1.*

upstream-1.4.0+git20101228.dfsg.1
upstream-1.4.0+git20110220.dfsg.1

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580",
        "target": {
            "function": "acceptor_start",
            "file": "lib/gssapi/spnego/accept_sec_context.c"
        },
        "deprecated": false,
        "id": "CVE-2021-44758-a26911ab",
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "length": 3377.0,
            "function_hash": "75009401605604428884869299509859106623"
        }
    },
    {
        "source": "https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580",
        "target": {
            "file": "lib/gssapi/spnego/accept_sec_context.c"
        },
        "deprecated": false,
        "id": "CVE-2021-44758-f1b5692f",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "45393349319744962591727203327221467953",
                "25280937737562830750566835800286108024",
                "153095941575990750829901905980521923428",
                "337176227554821689295132016149127315569",
                "63597633016827585803544191842761081969",
                "80600011795866330910095409055721722911",
                "72295294317900148266331035536951006201",
                "102849322017619820316843476505270340749",
                "324771178622222051680429555791249523936"
            ]
        }
    }
]