Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferredmechtype of GSSCNOOID and a nonzero initialresponse value to send_accept.
{
"cpe": "cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "7.7.1"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}"2026-07-08T10:27:36Z"
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-44758.json"
[
{
"id": "CVE-2021-44758-7e74d481",
"digest": {
"threshold": 0.9,
"line_hashes": [
"185684756605390238103334007784352789624",
"7131579695216385856922531758292910060",
"96067565823201056646313325968740529266",
"307324062224806380958204996069287421659"
]
},
"source": "https://github.com/heimdal/heimdal/commit/78077c39e355766221383ee48c8b9be0459a82a4",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "include/bits.c"
}
},
{
"id": "CVE-2021-44758-a26911ab",
"digest": {
"function_hash": "75009401605604428884869299509859106623",
"length": 3377.0
},
"source": "https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "acceptor_start",
"file": "lib/gssapi/spnego/accept_sec_context.c"
}
},
{
"id": "CVE-2021-44758-f1b5692f",
"digest": {
"threshold": 0.9,
"line_hashes": [
"45393349319744962591727203327221467953",
"25280937737562830750566835800286108024",
"153095941575990750829901905980521923428",
"337176227554821689295132016149127315569",
"63597633016827585803544191842761081969",
"80600011795866330910095409055721722911",
"72295294317900148266331035536951006201",
"102849322017619820316843476505270340749",
"324771178622222051680429555791249523936"
]
},
"source": "https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "lib/gssapi/spnego/accept_sec_context.c"
}
}
]