VulnerableCode Package Details - pkg:deb/ubuntu/heimdal@7.4.0.dfsg.1-2

Search for packages

Package details: pkg:deb/ubuntu/heimdal@7.4.0.dfsg.1-2

Essentials
History (0)

purl	pkg:deb/ubuntu/heimdal@7.4.0.dfsg.1-2

Next non-vulnerable version	7.5.0+dfsg-3build1
Latest non-vulnerable version	7.5.0+dfsg-3build1
Risk	3.4

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-62bm-9r22-aaaq Aliases: CVE-2019-12098	In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.	7.5.0+dfsg-3build1 Affected by 0 other vulnerabilities.
VCID-d6ye-ubu8-aaae Aliases: CVE-2017-17439	In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c.	7.5.0+dfsg-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-sfkm-67z4-aaap	The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.	CVE-2017-6594

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version