CVE-2017-17439

Name of the Vulnerable Software and Affected Versions Heimdal versions prior to 7.5

Description The issue allows remote unauthenticated attackers to crash the KDC by sending a crafted UDP packet with empty data fields for client name or realm. This leads to a segmentation fault due to the parser unconditionally dereferencing NULL pointers. The problem is related to the kdc as rep function in kdc/kerberos5.c and the der length visible string function in lib/asn1/der length.c.

Recommendations For Heimdal versions prior to 7.5, update to version 7.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the KDC to minimize the risk of exploitation.