
NULL Pointer Dereference

CVE-2021-44758

Severity High
Score 7.5/10

Summary

Heimdal versions prior to 7.7.1 allow attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a "preferred_mech_type" of "GSS_C_NO_OID" and a nonzero "initial_response" value to "send_accept".

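  • Attack Complexity: LOW
  • Attack Vector: NETWORK
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • User Interaction: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH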

CWE-476 - NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
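
The check that prevents this class of crash, as an added example that is not Heimdal's code: a simplified acceptor reply builder rejects the "no OID" sentinel before reading the mechanism on an initial response. The types, the NO_OID macro, the error codes and build_accept_reply are hypothetical stand-ins for the GSS-API names in the summary.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-ins for the GSS-API OID types; not Heimdal's definitions. */
typedef struct { size_t length; const void *elements; } oid_desc;
typedef const oid_desc *oid_t;
#define NO_OID ((oid_t)0)            /* plays the role of GSS_C_NO_OID */

enum { REPLY_OK = 0, REPLY_BAD_MECH = -1, REPLY_TOO_SMALL = -2 };

/* Constructed sample: DER content bytes of the Kerberos 5 mechanism OID
 * 1.2.840.113554.1.2.2. */
static const unsigned char krb5_oid_bytes[] =
    { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02 };
static const oid_desc krb5_mech = { sizeof(krb5_oid_bytes), krb5_oid_bytes };

/*
 * Hypothetical reply builder (assumed model, not the project's send_accept).
 * The first SPNEGO reply carries the selected mechanism, so the OID is read
 * only when initial_response is nonzero. The unchecked form would be:
 *     memcpy(out, preferred->elements, preferred->length);
 * which dereferences NULL when preferred is the "no OID" sentinel.
 * Returns the number of bytes written, or a negative error code.
 */
int build_accept_reply(oid_t preferred, int initial_response,
                       unsigned char *out, size_t out_len)
{
    if (!initial_response)
        return REPLY_OK;             /* later replies omit the field in this model */

    /* Validate the sentinel and the inner pointer before any dereference. */
    if (preferred == NO_OID || preferred->elements == NULL)
        return REPLY_BAD_MECH;       /* fail the negotiation instead of crashing */

    if (preferred->length > out_len)
        return REPLY_TOO_SMALL;

    memcpy(out, preferred->elements, preferred->length);
    return (int)preferred->length;
}
```

Returning an error to the caller lets the acceptor reject the negotiation for one peer while the service keeps running.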

Advisory Timeline

  • Published