CVE-2022-3116
Published: 7 October 2022
The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereference. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash.
Notes
Author | Note |
---|---|
sbeattie | VU#730793; believed to be fixed by 7a19658c1 ("spnego: Fix NULL deref"); believed to be introduced by b53c90da0 ("Make error reporting somewhat more correct for SPNEGO."); samba contains an embedded code copy of heimdal, but does not use heimdal for SPNEGO |
Priority
Status
Package | Release | Status |
---|---|---|
heimdal (Launchpad, Ubuntu, Debian) | bionic | Released (7.5.0+dfsg-1ubuntu0.1) |
heimdal | focal | Released (7.7.0+dfsg-1ubuntu1.1) |
heimdal | jammy | Needed |
heimdal | kinetic | Ignored (end of life, was needed) |
heimdal | lunar | Ignored (end of life, was needed) |
heimdal | mantic | Ignored (end of life, was needed) |
heimdal | noble | Needed |
heimdal | trusty | Released (1.6~git20131207+dfsg-1ubuntu1.2+esm1); available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
heimdal | upstream | Pending |
heimdal | xenial | Released (1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1); available with Ubuntu Pro or Ubuntu Pro (Infra-only) |

Patches (heimdal):
upstream: https://github.com/heimdal/heimdal/commit/7a19658c1f4fc4adf85bb7bea96caae5ba57b33e

Binaries built from this source package are in Universe and so are supported by the community.

Package | Release | Status |
---|---|---|
samba (Launchpad, Ubuntu, Debian) | bionic | Not vulnerable |
samba | focal | Not vulnerable |
samba | jammy | Not vulnerable |
samba | kinetic | Not vulnerable |
samba | lunar | Not vulnerable |
samba | mantic | Not vulnerable |
samba | noble | Not vulnerable |
samba | trusty | Not vulnerable |
samba | upstream | Not vulnerable |
samba | xenial | Not vulnerable |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |