Description
In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
- openSUSE-SU-2017:3268-1, published Tue, 12 Dec 2017 18:09:11 +0100 (CET)
- openSUSE-SU-2018:2376-1, published Thu, 16 Aug 2018 15:22:13 +0200 (CEST)
List of released packages
|Product(s)|Fixed package version(s)|References|
|openSUSE Leap 42.2| |Patchnames:|
|openSUSE Leap 42.3| |Patchnames:|