CVE-2021-3671
- Source
- https://cve.org/CVERecord?id=CVE-2021-3671
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3671.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-3671
- Downstream
- Related
- Published
- 2021-10-12T18:15:08.357Z
- Modified
- 2026-02-15T07:43:50.919347Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.
- References
-
- https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a
- https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html
- https://security.netapp.com/advisory/ntap-20221215-0002/
- https://security.netapp.com/advisory/ntap-20230216-0008/
- https://www.debian.org/security/2022/dsa-5287
- https://bugzilla.redhat.com/show_bug.cgi?id=2013080%2C
- https://bugzilla.samba.org/show_bug.cgi?id=14770%2C
- https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a
- https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html
Affected packages
Git / github.com/heimdal/heimdal
Affected ranges
- Type
- GIT
- Repo
- https://github.com/heimdal/heimdal
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
git2svn-syncpoint-master
switch-from-svn-to-git
heimdal-1.*
heimdal-1.3.0pre1
heimdal-1.3.0pre10
heimdal-1.3.0pre11
heimdal-1.3.0pre3
heimdal-1.3.0pre4
heimdal-1.3.0pre5
heimdal-1.3.0pre6
heimdal-1.3.0pre7
heimdal-1.3.0pre8
heimdal-1.3.0pre9
heimdal-1.3.0rc1
heimdal-1.5pre1
heimdal-1.5pre2
upstream-1.*
upstream-1.4.0+git20101228.dfsg.1
upstream-1.4.0+git20110220.dfsg.1
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3671.json"
vanir_signatures
[
{
"digest": {
"line_hashes": [
"71814477620078668530731684481303091670",
"284346098059572621942400253662874014995",
"63355110677909982606625851675836965070",
"200771017170665811656047669952130469804"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "kdc/krb5tgs.c"
},
"signature_type": "Line",
"id": "CVE-2021-3671-5f6e87fc",
"source": "https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a",
"deprecated": false
},
{
"digest": {
"function_hash": "332444689167320886733846614105216309617",
"length": 21025.0
},
"signature_version": "v1",
"target": {
"file": "kdc/krb5tgs.c",
"function": "tgs_build_reply"
},
"signature_type": "Function",
"id": "CVE-2021-3671-e212c18a",
"source": "https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a",
"deprecated": false
}
]