CVE-2021-44758

Advisory lineage Upstream: 0 Downstream: 9
Modified
Published: 26 Dec 2022, 00:00
Last modified:14 Apr 2025, 15:57

Vulnerability Summary

Overall Risk (default)
medium
30/100
CVSS Score
7.5 HIGH
v3.1 (cve.org)
EPSS Score
0.35% LOW
0% probability -0.04%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

26 Dec 2022, 00:00
Published
Vulnerability first disclosed
14 Apr 2025, 15:57
Last Modified
Vulnerability information updated

Description

Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.

CVSS Metrics

  • v3.1HIGHScore: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.35% Percentile: 58%

Techniques & Countermeasures

  • CWE-476NULL Pointer Dereference

    The product dereferences a pointer that it expects to be valid but is NULL.

Affected Systems

  • heimdal_projectheimdal

    < 7.7.1

References (3)