Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2022-3116

Published: 7 October 2022

The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash.

Notes

AuthorNote
sbeattie
VU#730793
believed to to be fixed by 7a19658c1 ("spnego: Fix NULL
deref")
believed to be introduced by b53c90da0 ("Make error reporting
somewhat more correct for SPNEGO.")
samba contains an embedded code copy of heimdal, but does not
use heimdal for SPNEGO

Priority

Medium

Status

Package Release Status
heimdal
Launchpad, Ubuntu, Debian
bionic
Released (7.5.0+dfsg-1ubuntu0.1)
focal
Released (7.7.0+dfsg-1ubuntu1.1)
jammy Needed

kinetic Needed

trusty
Released (1.6~git20131207+dfsg-1ubuntu1.2+esm1)
upstream Pending

xenial
Released (1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1)
Patches:
upstream: https://github.com/heimdal/heimdal/commit/7a19658c1f4fc4adf85bb7bea96caae5ba57b33e
Binaries built from this source package are in Universe and so are supported by the community.
samba
Launchpad, Ubuntu, Debian
bionic Not vulnerable

focal Not vulnerable

jammy Not vulnerable

kinetic Not vulnerable

trusty Not vulnerable

upstream Not vulnerable

xenial Not vulnerable