CVE-2022-41916 — Off-by-one Error in Heimdal

CWE-193 — Off-by-one Error6 documents6 sources

Severity

7.5HIGHNVD

CNA5.9

EPSS

0.3%

top 49.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Heimdal Heimdal Project Heimdal Debian Linux

Timeline

PublishedNov 15

Latest updateDec 7

Description

Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5heimdal/heimdal< 7.7.1

▶NVDheimdal_project/heimdal< 7.7.1

▶Debianheimdal_project/heimdal< 7.7.0+dfsg-2+deb11u2+3

Also affects: Debian Linux 10.0, 11.0

🔴Vulnerability Details

OSV

CVE-2022-41916: Heimdal is an implementation of ASN↗2022-11-15

▶

CVEList

Read one byte past a buffer when normalizing Unicode↗2022-11-15

▶

📋Vendor Advisories

Ubuntu

Heimdal vulnerability↗2022-12-07

▶

Microsoft

Read one byte past a buffer when normalizing Unicode↗2022-11-08

▶

Debian

CVE-2022-41916: heimdal - Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to...↗2022

▶