CVE-2022-44640: Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).

Affected

23 ranges

Vendor	Product	Version range	Fixed in
debian	heimdal	< heimdal 7.8.git20221115.a6cf945+dfsg-1 (bookworm)	heimdal 7.8.git20221115.a6cf945+dfsg-1 (bookworm)
debian	samba	< heimdal 7.8.git20221115.a6cf945+dfsg-1 (bookworm)	heimdal 7.8.git20221115.a6cf945+dfsg-1 (bookworm)
heimdal_project	heimdal	< 7.7.1	7.7.1
heimdal_project	heimdal	>= 0 < 7.7.0+dfsg-2+deb11u2	7.7.0+dfsg-2+deb11u2
heimdal_project	heimdal	>= 0 < 7.8.git20221115.a6cf945+dfsg-1	7.8.git20221115.a6cf945+dfsg-1
heimdal_project	heimdal	>= 0 < 7.8.git20221115.a6cf945+dfsg-1	7.8.git20221115.a6cf945+dfsg-1
heimdal_project	heimdal	>= 0 < 7.8.git20221115.a6cf945+dfsg-1	7.8.git20221115.a6cf945+dfsg-1
heimdal_project	heimdal	>= 0 < 7.5.0+dfsg-1ubuntu0.3	7.5.0+dfsg-1ubuntu0.3
heimdal_project	heimdal	>= 0 < 7.7.0+dfsg-1ubuntu1.3	7.7.0+dfsg-1ubuntu1.3
heimdal_project	heimdal	>= 0 < 1.6~git20131207+dfsg-1ubuntu1.2+esm3	1.6~git20131207+dfsg-1ubuntu1.2+esm3
heimdal_project	heimdal	>= 0 < 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3	1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3
msrc	azl3_samba_4.18.3-1_on_azure_linux_3.0	—	—
msrc	azure_linux_3.0_arm	—	—
msrc	azure_linux_3.0_x64	—	—
msrc	cbl_mariner_1.0_arm	—	—
msrc	cbl_mariner_1.0_x64	—	—
msrc	cm1_heimdal_7.7.1-1_on_cbl_mariner_1.0	—	—
samba	samba	>= 0 < 2:4.17.4+dfsg-1	2:4.17.4+dfsg-1
samba	samba	>= 0 < 2:4.17.4+dfsg-1	2:4.17.4+dfsg-1
samba	samba	>= 0 < 2:4.17.4+dfsg-1	2:4.17.4+dfsg-1
samba	samba	>= 4.15.0 < 4.15.3	4.15.3
samba	samba	>= 4.16.0 < 4.16.8	4.16.8
samba	samba	>= 4.17.0 < 4.17.4	4.17.4

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

osv9.8CRITICAL