VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-9m29-pkag-aaaq

Essentials
Severities (94)
References (14)
Severity details (9)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-9m29-pkag-aaaq
Aliases	CVE-2021-44758
Summary	Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-476

NULL Pointer Dereference

System	Score	Found at
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00325	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00325	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00325	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00325	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00325	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00325	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00325	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00353	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00715	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
generic_textual	Low	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671
cvssv3.1	7.5	https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580
ssvc	Track	https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580
cvssv3.1	7.5	https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv
ssvc	Track	https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2021-44758
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2021-44758
cvssv3.1	7.5	https://security.gentoo.org/glsa/202310-06
ssvc	Track	https://security.gentoo.org/glsa/202310-06

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2021-44758
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41916
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640
		https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580
		https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv
1024187		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187
cpe:2.3:a:heimdal_project:heimdal::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:heimdal_project:heimdal::::::::
CVE-2021-44758		https://nvd.nist.gov/vuln/detail/CVE-2021-44758
GLSA-202310-06		https://security.gentoo.org/glsa/202310-06
USN-5800-1		https://usn.ubuntu.com/5800-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:56:38Z/ Found at https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:56:38Z/ Found at https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-44758

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-44758

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.gentoo.org/glsa/202310-06

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:56:38Z/ Found at https://security.gentoo.org/glsa/202310-06

Exploit Prediction Scoring System (EPSS)

Percentile	0.47422
EPSS Score	0.00121
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.