{"id":"CVE-2021-44758","details":"Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.","modified":"2026-04-16T00:00:27.505143189Z","published":"2022-12-26T05:15:10.503Z","related":["GHSA-69h9-669w-88xv","openSUSE-SU-2023:0019-1","openSUSE-SU-2023:0020-1","openSUSE-SU-2024:12580-1"],"references":[{"type":"ADVISORY","url":"https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202310-06"},{"type":"FIX","url":"https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/heimdal/heimdal","events":[{"introduced":"0"},{"fixed":"78077c39e355766221383ee48c8b9be0459a82a4"},{"fixed":"f9ec7002cdd526ae84fbacbf153162e118f22580"}],"database_specific":{"source":["CPE_FIELD","REFERENCES"],"cpe":"cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"7.7.1"}]}}],"versions":["git2svn-syncpoint-master","heimdal-1.3.0pre1","heimdal-1.3.0pre10","heimdal-1.3.0pre11","heimdal-1.3.0pre3","heimdal-1.3.0pre4","heimdal-1.3.0pre5","heimdal-1.3.0pre6","heimdal-1.3.0pre7","heimdal-1.3.0pre8","heimdal-1.3.0pre9","heimdal-1.3.0rc1","heimdal-1.5pre1","heimdal-1.5pre2","heimdal-7.0.1","heimdal-7.0.2","heimdal-7.0.3","heimdal-7.1.0","heimdal-7.1rc1","heimdal-7.2.0","heimdal-7.3.0","heimdal-7.4.0","heimdal-7.5.0","heimdal-7.6.0","heimdal-7.7.0","switch-from-svn-to-git","upstream-1.4.0+git20101228.dfsg.1","upstream-1.4.0+git20110220.dfsg.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-44758.json","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["185684756605390238103334007784352789624","7131579695216385856922531758292910060","96067565823201056646313325968740529266","307324062224806380958204996069287421659"]},"id":"CVE-2021-44758-7e74d481","source":"https://github.com/heimdal/heimdal/commit/78077c39e355766221383ee48c8b9be0459a82a4","deprecated":false,"target":{"file":"include/bits.c"},"signature_version":"v1","signature_type":"Line"},{"digest":{"function_hash":"75009401605604428884869299509859106623","length":3377},"id":"CVE-2021-44758-a26911ab","source":"https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580","deprecated":false,"target":{"function":"acceptor_start","file":"lib/gssapi/spnego/accept_sec_context.c"},"signature_version":"v1","signature_type":"Function"},{"digest":{"threshold":0.9,"line_hashes":["45393349319744962591727203327221467953","25280937737562830750566835800286108024","153095941575990750829901905980521923428","337176227554821689295132016149127315569","63597633016827585803544191842761081969","80600011795866330910095409055721722911","72295294317900148266331035536951006201","102849322017619820316843476505270340749","324771178622222051680429555791249523936"]},"id":"CVE-2021-44758-f1b5692f","source":"https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580","deprecated":false,"target":{"file":"lib/gssapi/spnego/accept_sec_context.c"},"signature_version":"v1","signature_type":"Line"}],"vanir_signatures_modified":"2026-04-12T03:55:14Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}