CVE-2017-6594

Published: Aug 28, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.

Affected (3)

Products: Heimdal Project: Heimdal · Opensuse: Leap

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Heimdal Project Heimdal	Up to 7.2.0

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.2
Opensuse Leap	Version 42.3

Related CWEs

CWE-295

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (8)

http://lists.opensuse.org/opensuse-updates/2017-08/msg00062.html

Source: cve@mitre.org

Third Party Advisory

http://www.h5l.org/advisories.html?show=2017-04-13

Source: cve@mitre.org

Vendor Advisory

https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://github.com/heimdal/heimdal/releases/tag/heimdal-7.3.0

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2017-08/msg00062.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.h5l.org/advisories.html?show=2017-04-13

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://github.com/heimdal/heimdal/releases/tag/heimdal-7.3.0

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.