Upstream information
CVE-2021-44758 at MITRE
Description
Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.
SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
CVSS v3 Scores
| | National Vulnerability Database |
|---|
| Base Score | 7.5 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | High |
| CVSSv3 Version | 3.1 |
SUSE Bugzilla entry:
1205667 [RESOLVED / FIXED]
SUSE Security Advisories:
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|
| SUSE Package Hub 15 SP3 | libasn1-8 >= 7.8.0-bp153.2.4.1libgssapi3 >= 7.8.0-bp153.2.4.1libhcrypto4 >= 7.8.0-bp153.2.4.1libhdb9 >= 7.8.0-bp153.2.4.1libheimbase1 >= 7.8.0-bp153.2.4.1libheimdal-devel >= 7.8.0-bp153.2.4.1libheimedit0 >= 7.8.0-bp153.2.4.1libheimntlm0 >= 7.8.0-bp153.2.4.1libhx509-5 >= 7.8.0-bp153.2.4.1libkadm5clnt7 >= 7.8.0-bp153.2.4.1libkadm5srv8 >= 7.8.0-bp153.2.4.1libkafs0 >= 7.8.0-bp153.2.4.1libkdc2 >= 7.8.0-bp153.2.4.1libkrb5-26 >= 7.8.0-bp153.2.4.1libotp0 >= 7.8.0-bp153.2.4.1libroken18 >= 7.8.0-bp153.2.4.1libsl0 >= 7.8.0-bp153.2.4.1libwind0 >= 7.8.0-bp153.2.4.1
| Patchnames:
openSUSE-2023-20 |
| SUSE Package Hub 15 SP4 | libasn1-8 >= 7.8.0-bp154.2.4.1libgssapi3 >= 7.8.0-bp154.2.4.1libhcrypto4 >= 7.8.0-bp154.2.4.1libhdb9 >= 7.8.0-bp154.2.4.1libheimbase1 >= 7.8.0-bp154.2.4.1libheimdal-devel >= 7.8.0-bp154.2.4.1libheimedit0 >= 7.8.0-bp154.2.4.1libheimntlm0 >= 7.8.0-bp154.2.4.1libhx509-5 >= 7.8.0-bp154.2.4.1libkadm5clnt7 >= 7.8.0-bp154.2.4.1libkadm5srv8 >= 7.8.0-bp154.2.4.1libkafs0 >= 7.8.0-bp154.2.4.1libkdc2 >= 7.8.0-bp154.2.4.1libkrb5-26 >= 7.8.0-bp154.2.4.1libotp0 >= 7.8.0-bp154.2.4.1libroken18 >= 7.8.0-bp154.2.4.1libsl0 >= 7.8.0-bp154.2.4.1libwind0 >= 7.8.0-bp154.2.4.1
| Patchnames:
openSUSE-2023-19 |
| openSUSE Leap 15.3 | libasn1-8 >= 7.8.0-bp153.2.4.1libgssapi3 >= 7.8.0-bp153.2.4.1libhcrypto4 >= 7.8.0-bp153.2.4.1libhdb9 >= 7.8.0-bp153.2.4.1libheimbase1 >= 7.8.0-bp153.2.4.1libheimdal-devel >= 7.8.0-bp153.2.4.1libheimedit0 >= 7.8.0-bp153.2.4.1libheimntlm0 >= 7.8.0-bp153.2.4.1libhx509-5 >= 7.8.0-bp153.2.4.1libkadm5clnt7 >= 7.8.0-bp153.2.4.1libkadm5srv8 >= 7.8.0-bp153.2.4.1libkafs0 >= 7.8.0-bp153.2.4.1libkdc2 >= 7.8.0-bp153.2.4.1libkrb5-26 >= 7.8.0-bp153.2.4.1libotp0 >= 7.8.0-bp153.2.4.1libroken18 >= 7.8.0-bp153.2.4.1libsl0 >= 7.8.0-bp153.2.4.1libwind0 >= 7.8.0-bp153.2.4.1
| Patchnames:
openSUSE-2023-20 |
| openSUSE Leap 15.4 | libasn1-8 >= 7.8.0-bp154.2.4.1libgssapi3 >= 7.8.0-bp154.2.4.1libhcrypto4 >= 7.8.0-bp154.2.4.1libhdb9 >= 7.8.0-bp154.2.4.1libheimbase1 >= 7.8.0-bp154.2.4.1libheimdal-devel >= 7.8.0-bp154.2.4.1libheimedit0 >= 7.8.0-bp154.2.4.1libheimntlm0 >= 7.8.0-bp154.2.4.1libhx509-5 >= 7.8.0-bp154.2.4.1libkadm5clnt7 >= 7.8.0-bp154.2.4.1libkadm5srv8 >= 7.8.0-bp154.2.4.1libkafs0 >= 7.8.0-bp154.2.4.1libkdc2 >= 7.8.0-bp154.2.4.1libkrb5-26 >= 7.8.0-bp154.2.4.1libotp0 >= 7.8.0-bp154.2.4.1libroken18 >= 7.8.0-bp154.2.4.1libsl0 >= 7.8.0-bp154.2.4.1libwind0 >= 7.8.0-bp154.2.4.1
| Patchnames:
openSUSE-2023-19 |
| openSUSE Tumbleweed | libasn1-8 >= 7.8.0-1.1libgssapi3 >= 7.8.0-1.1libhcrypto4 >= 7.8.0-1.1libhdb9 >= 7.8.0-1.1libheimbase1 >= 7.8.0-1.1libheimdal-devel >= 7.8.0-1.1libheimedit0 >= 7.8.0-1.1libheimntlm0 >= 7.8.0-1.1libhx509-5 >= 7.8.0-1.1libkadm5clnt7 >= 7.8.0-1.1libkadm5srv8 >= 7.8.0-1.1libkafs0 >= 7.8.0-1.1libkdc2 >= 7.8.0-1.1libkrb5-26 >= 7.8.0-1.1libotp0 >= 7.8.0-1.1libroken18 >= 7.8.0-1.1libsl0 >= 7.8.0-1.1libwind0 >= 7.8.0-1.1
| Patchnames:
openSUSE Tumbleweed GA libasn1-8-7.8.0-1.1 |
SUSE Timeline for this CVE
CVE page created: Tue Nov 22 22:00:08 2022
CVE page last modified: Tue May 23 18:12:57 2023
Execute Soluções SAP
Nuvem pública
Security
