CVE-2017-17439
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-17439
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-17439.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-17439
- Downstream
- Related
- Published
- 2017-12-06T15:29:00Z
- Modified
- 2025-10-15T08:53:49.361939Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the kdcasrep function in kdc/kerberos5.c and the derlengthvisiblestring function in lib/asn1/der_length.c.
- References
-
- http://h5l.org/advisories.html?show=2017-12-08
- http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144
- https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887
- https://github.com/heimdal/heimdal/issues/353
- https://www.debian.org/security/2017/dsa-4055
- http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html
Affected packages
Git / github.com/heimdal/heimdal
Affected ranges
- Type
- GIT
- Repo
- https://github.com/heimdal/heimdal
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
git2svn-syncpoint-master
switch-from-svn-to-git
heimdal-1.*
heimdal-1.3.0pre1
heimdal-1.3.0pre10
heimdal-1.3.0pre11
heimdal-1.3.0pre3
heimdal-1.3.0pre4
heimdal-1.3.0pre5
heimdal-1.3.0pre6
heimdal-1.3.0pre7
heimdal-1.3.0pre8
heimdal-1.3.0pre9
heimdal-1.3.0rc1
heimdal-1.5pre1
heimdal-1.5pre2
upstream-1.*
upstream-1.4.0+git20101228.dfsg.1
upstream-1.4.0+git20110220.dfsg.1
Database specific
vanir_signatures
[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"184552108741995966909798273234929043718",
"31157069625652692581562993520782672132",
"92289731964834894266176103875665865520",
"220543229444911101941918136132963866440",
"68088921273738415772594604441004796928",
"289623454940078461526621765045642131000",
"19653521005183287255750554540954066757",
"238734535077344973939955929287016383729",
"198986556732662134247394704136678794791",
"172798049371050135097062238087022251110",
"333345530607291890332505461811148112806",
"197736238020111757745263551938246121115"
]
},
"signature_type": "Line",
"target": {
"file": "kdc/kerberos5.c"
},
"deprecated": false,
"source": "https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887",
"signature_version": "v1",
"id": "CVE-2017-17439-45d566d2"
},
{
"digest": {
"function_hash": "319009278022935075940704152087705260197",
"length": 15811.0
},
"signature_type": "Function",
"target": {
"function": "_kdc_as_rep",
"file": "kdc/kerberos5.c"
},
"deprecated": false,
"source": "https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887",
"signature_version": "v1",
"id": "CVE-2017-17439-fa1b0857"
}
]