{"id":"CVE-2017-6594","details":"The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.","modified":"2026-04-16T06:20:17.550808829Z","published":"2017-08-28T19:29:01.400Z","related":["openSUSE-SU-2024:10946-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2017-08/msg00062.html"},{"type":"ADVISORY","url":"http://www.h5l.org/advisories.html?show=2017-04-13"},{"type":"FIX","url":"https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837"},{"type":"FIX","url":"https://github.com/heimdal/heimdal/releases/tag/heimdal-7.3.0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/heimdal/heimdal","events":[{"introduced":"0"},{"last_affected":"622ab5feac72a5ba3f226916f7a16d0305d211f3"},{"fixed":"b1e699103f08d6a0ca46a122193c9da65f6cf837"},{"fixed":"40d4229585ec17a9c051605aad7dd5d9e8831256"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"7.2.0"}]}}],"versions":["git2svn-syncpoint-master","heimdal-1.3.0pre1","heimdal-1.3.0pre10","heimdal-1.3.0pre11","heimdal-1.3.0pre3","heimdal-1.3.0pre4","heimdal-1.3.0pre5","heimdal-1.3.0pre6","heimdal-1.3.0pre7","heimdal-1.3.0pre8","heimdal-1.3.0pre9","heimdal-1.3.0rc1","heimdal-1.5pre1","heimdal-1.5pre2","heimdal-7.0.1","heimdal-7.0.2","heimdal-7.0.3","heimdal-7.1.0","heimdal-7.1rc1","heimdal-7.2.0","switch-from-svn-to-git","upstream-1.4.0+git20101228.dfsg.1","upstream-1.4.0+git20110220.dfsg.1"],"database_specific":{"vanir_signatures":[{"id":"CVE-2017-6594-a768238d","digest":{"function_hash":"270238562784984867584632901616162288360","length":6359},"source":"https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837","signature_type":"Function","deprecated":false,"target":{"function":"tgs_make_reply","file":"kdc/krb5tgs.c"},"signature_version":"v1"},{"id":"CVE-2017-6594-e9984013","digest":{"function_hash":"305022542824129016834200220310623900651","length":16805},"source":"https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837","signature_type":"Function","deprecated":false,"target":{"function":"tgs_build_reply","file":"kdc/krb5tgs.c"},"signature_version":"v1"},{"id":"CVE-2017-6594-fec21090","digest":{"threshold":0.9,"line_hashes":["198393109441526925492806710884896915895","193198016268089982154047290234061457923","256300685901101071979731921024938987275","183715295914950232048519498365468716072","165692208357131289791457558362817017545","188863839268074315153191233273064338369","335580149951430019058437415557590538536","334917830873247331976381154459794066000","177924951166548806478344687584020217908","153299739250229614167617667876376557893","84265815331005270073039962125566638586","105502795374259753590934452742323092629","123013933675658844737198371296028143512","82066128683412745065137566045503026864","261292193795307544534949030580026777853","64111570154886694325493333109515886997","171780142670357872485095432955078437132","321333544137875615745871679586554424570","67756729216022336413590670817910045499","234390348100649634405377105554198074169","276729440000952003935074591877305356590"]},"signature_type":"Line","source":"https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837","deprecated":false,"target":{"file":"kdc/krb5tgs.c"},"signature_version":"v1"}],"vanir_signatures_modified":"2026-04-11T04:59:49Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6594.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"42.2"}]},{"events":[{"introduced":"0"},{"last_affected":"42.3"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}