CVE-2021-3671

Summary

CVE	CVE-2021-3671
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-10-12 18:15:00 UTC
Updated	2023-11-07 03:38:00 UTC
Description	A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.

Risk And Classification

Problem Types: CWE-476

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	11.0	All	All	All
Application	Netapp	Management Services For Element Software	-	All	All	All
Application	Netapp	Management Services For Netapp Hci	-	All	All	All
Application	Netapp	Ontap Select Deploy Administration Utility	-	All	All	All
Application	Samba	Samba	All	All	All	All

References

Reference	Source	Link	Tags
kdc: validate sname in TGS-REQ · heimdal/heimdal@0417114 · GitHub	MISC	github.com
Invalid Bug ID		bugzilla.redhat.com
CVE-2021-3671 Samba Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
December 2022 Heimdal Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
Invalid Bug ID		bugzilla.samba.org
[SECURITY] [DLA 3206-1] heimdal security update	MLIST	lists.debian.org
Debian -- Security Information -- DSA-5287-1 heimdal	DEBIAN	www.debian.org
Invalid Bug ID	MISC	bugzilla.redhat.com
Invalid Bug ID	MISC	bugzilla.samba.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

179928 Debian Security Update for samba (CVE-2021-3671)
181242 Debian Security Update for heimdal (DSA 5287-1)
181249 Debian Security Update for heimdal (DLA 3206-1)
198583 Ubuntu Security Notification for Samba Vulnerability (USN-5142-1)
198596 Ubuntu Security Notification for Samba Vulnerabilities (USN-5174-1)
198986 Ubuntu Security Notification for Heimdal Vulnerabilities (USN-5675-1)
283360 Fedora Security Update for heimdal (FEDORA-2022-dba9ba8e2b)
283361 Fedora Security Update for heimdal (FEDORA-2022-cbbd105d08)
283404 Fedora Security Update for heimdal (FEDORA-2022-2c77cee4b5)
501782 Alpine Linux Security Update for samba
502026 Alpine Linux Security Update for samba
502599 Alpine Linux Security Update for heimdal
502655 Alpine Linux Security Update for heimdal
503994 Alpine Linux Security Update for heimdal
504393 Alpine Linux Security Update for samba
671191 EulerOS Security Update for samba (EulerOS-SA-2022-1037)
671211 EulerOS Security Update for samba (EulerOS-SA-2022-1017)
671267 EulerOS Security Update for samba (EulerOS-SA-2022-1188)
671280 EulerOS Security Update for samba (EulerOS-SA-2022-1246)
671315 EulerOS Security Update for samba (EulerOS-SA-2022-1258)
671342 EulerOS Security Update for samba (EulerOS-SA-2022-1282)
901084 Common Base Linux Mariner (CBL-Mariner) Security Update for samba (7354)