CVE-2017-17439
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-17439
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-17439.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-17439
- Downstream
- Related
- Published
- 2017-12-06T15:29:00Z
- Modified
- 2025-09-19T08:10:47.387044Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the kdcasrep function in kdc/kerberos5.c and the derlengthvisiblestring function in lib/asn1/der_length.c.
- References
-
- http://h5l.org/advisories.html?show=2017-12-08
- http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144
- https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887
- https://github.com/heimdal/heimdal/issues/353
- https://www.debian.org/security/2017/dsa-4055
- http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html
- https://security.alpinelinux.org/vuln/CVE-2017-17439
Affected packages
Alpine:v3.10
heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.11
heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.12
heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.13
heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.14
heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.15
heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.16
heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.17
heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.18
heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.19
heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.20
heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.21
heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.22
heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.6
heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.1.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
Alpine:v3.7
heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.8
heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Alpine:v3.9
heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
Git
github.com/heimdal/heimdal
Affected ranges
- Type
- GIT
- Repo
- https://github.com/heimdal/heimdal
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
git2svn-syncpoint-master
switch-from-svn-to-git
heimdal-1.*
heimdal-1.3.0pre1
heimdal-1.3.0pre10
heimdal-1.3.0pre11
heimdal-1.3.0pre3
heimdal-1.3.0pre4
heimdal-1.3.0pre5
heimdal-1.3.0pre6
heimdal-1.3.0pre7
heimdal-1.3.0pre8
heimdal-1.3.0pre9
heimdal-1.3.0rc1
heimdal-1.5pre1
heimdal-1.5pre2
upstream-1.*
upstream-1.4.0+git20101228.dfsg.1
upstream-1.4.0+git20110220.dfsg.1
Database specific
{
"vanir_signatures": [
{
"signature_version": "v1",
"target": {
"file": "kdc/kerberos5.c"
},
"id": "CVE-2017-17439-45d566d2",
"deprecated": false,
"signature_type": "Line",
"digest": {
"line_hashes": [
"184552108741995966909798273234929043718",
"31157069625652692581562993520782672132",
"92289731964834894266176103875665865520",
"220543229444911101941918136132963866440",
"68088921273738415772594604441004796928",
"289623454940078461526621765045642131000",
"19653521005183287255750554540954066757",
"238734535077344973939955929287016383729",
"198986556732662134247394704136678794791",
"172798049371050135097062238087022251110",
"333345530607291890332505461811148112806",
"197736238020111757745263551938246121115"
],
"threshold": 0.9
},
"source": "https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887"
},
{
"signature_version": "v1",
"target": {
"file": "kdc/kerberos5.c",
"function": "_kdc_as_rep"
},
"id": "CVE-2017-17439-fa1b0857",
"deprecated": false,
"signature_type": "Function",
"digest": {
"length": 15811.0,
"function_hash": "319009278022935075940704152087705260197"
},
"source": "https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887"
}
]
}