VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-wpbb-uc5r-bud4

Essentials
Severities (36)
References (14)
Severity details (7)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-wpbb-uc5r-bud4
Aliases	CVE-2021-44758
Summary	Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-476

NULL Pointer Dereference

System	Score	Found at
epss	0.00325	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00325	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00325	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00325	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00325	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00325	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00325	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00325	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00325	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00325	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00595	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00595	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00595	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00595	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00595	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00595	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00595	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00595	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00595	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00595	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00595	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00595	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00595	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00595	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00595	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00595	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00595	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00595	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
epss	0.00595	https://api.first.org/data/v1/epss?cve=CVE-2021-44758
cvssv3.1	7.5	https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580
ssvc	Track	https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580
cvssv3.1	7.5	https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv
ssvc	Track	https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2021-44758
cvssv3.1	7.5	https://security.gentoo.org/glsa/202310-06
ssvc	Track	https://security.gentoo.org/glsa/202310-06

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2021-44758
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41916
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640
1024187		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187
202310-06		https://security.gentoo.org/glsa/202310-06
cpe:2.3:a:heimdal_project:heimdal::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:heimdal_project:heimdal::::::::
CVE-2021-44758		https://nvd.nist.gov/vuln/detail/CVE-2021-44758
f9ec7002cdd526ae84fbacbf153162e118f22580		https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580
GHSA-69h9-669w-88xv		https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv
USN-5800-1		https://usn.ubuntu.com/5800-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:56:38Z/ Found at https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:56:38Z/ Found at https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-44758

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.gentoo.org/glsa/202310-06

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:56:38Z/ Found at https://security.gentoo.org/glsa/202310-06

Exploit Prediction Scoring System (EPSS)

Percentile	0.54824
EPSS Score	0.00325
Published At	Sept. 9, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:31:03.207698+00:00	Alpine Linux Importer	Import	https://secdb.alpinelinux.org/v3.16/main.json	37.0.0