CVE-2017-17439 in Heimdalinfo

Zusammenfassung

von MITRE

In Heimdal 7.1.0, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

06.12.2017

Veröffentlichung

06.12.2017

Moderieren

akzeptiert

Eintrag

VDB-110298

CPE

bereit

CWE

CWE-476 (bestätigt)

CVSS

7.5 (NVD)

EPSS

0.03783

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-17439
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-17439
CVE Details	https://www.cvedetails.com/cve/CVE-2017-17439/

◂ Zurück Übersicht Weiter ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!