Package details: pkg:deb/ubuntu/heimdal@7.5.0%2Bdfsg-1
purl pkg:deb/ubuntu/heimdal@7.5.0%2Bdfsg-1
Next non-vulnerable version 7.5.0+dfsg-3build1
Latest non-vulnerable version 7.5.0+dfsg-3build1
Risk 3.4
Vulnerabilities affecting this package (1)
Vulnerability: VCID-62bm-9r22-aaaq
Aliases: CVE-2019-12098
Summary: In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.
Fixed by: 7.5.0+dfsg-3build1 (Affected by 0 other vulnerabilities.)
Vulnerabilities fixed by this package (1)
Vulnerability: VCID-d6ye-ubu8-aaae
Aliases: CVE-2017-17439
Summary: In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c.
