What is CVE-2017-6594?

CVE-2017-6594 is a high-severity vulnerability in Heimdal_project Heimdal, classified under Improper Certificate Validation. CVSS score: 7.5/10. Published 2017-08-28.

How severe is CVE-2017-6594?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Heimdal_project Heimdal

CVE-2017-6594

The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.

Vulnerability class: Improper Certificate Validation

EPSS: 0.002 (42.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Heimdal_project Heimdal
Opensuse Leap — versions 42.2, 42.3
N/a — versions n/a

Weakness classification (CWE)

CWE-295 — Improper Certificate Validation

References

cve@mitre.org (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)
cve@mitre.org (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)

Frequently asked questions

What is CVE-2017-6594?: CVE-2017-6594 is a high-severity vulnerability in Heimdal_project Heimdal, classified under Improper Certificate Validation. CVSS score: 7.5/10. Published 2017-08-28.
How severe is CVE-2017-6594?: High severity. CVSS v3 base score is 7.5 out of 10.