CVE-2022-44640 — Double Free in Project Heimdal

CWE-415 — Double Free7 documents7 sources

Severity

9.8CRITICALNVD

EPSS

1.2%

top 21.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Heimdal Project Heimdal Samba

Timeline

PublishedDec 25

Latest updateJan 12

Description

Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDheimdal_project/heimdal< 7.7.1

▶Debianheimdal_project/heimdal< 7.7.0+dfsg-2+deb11u2+3

▶NVDsamba/samba4.15.0 — 4.15.3+2

▶Debiansamba/samba< 2:4.17.4+dfsg-1+2

🔴Vulnerability Details

CVEList

CVE-2022-44640: Heimdal before 7↗2022-12-25

▶

OSV

CVE-2022-44640: Heimdal before 7↗2022-12-25

▶

📋Vendor Advisories

Ubuntu

Heimdal vulnerabilities↗2023-01-12

▶

Microsoft

Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).↗2022-12-13

▶

BSD

FreeBSD-SA-22:14.heimdal: Multiple vulnerabilities in Heimdal [REVISED]↗2022-11-15

▶

Debian

CVE-2022-44640: heimdal - Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because o...↗2022

▶