CVE-2017-17439

In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*

Information

Published : 2017-12-06 07:29

Updated : 2017-12-29 18:29


NVD link : CVE-2017-17439

Mitre link : CVE-2017-17439


JSON object : View

CWE
CWE-476

NULL Pointer Dereference

Advertisement

dedicated server usa

Products Affected

debian

  • debian_linux

heimdal_project

  • heimdal