CVE-2022-3116
Published: 7 October 2022
The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash.
Notes
| Author | Note |
|---|---|
| sbeattie | VU#730793
believed to to be fixed by 7a19658c1 ("spnego: Fix NULL
deref")
believed to be introduced by b53c90da0 ("Make error reporting
somewhat more correct for SPNEGO.")
samba contains an embedded code copy of heimdal, but does not
use heimdal for SPNEGO |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
samba Launchpad, Ubuntu, Debian |
jammy |
Not vulnerable
|
| trusty |
Not vulnerable
|
|
| upstream |
Not vulnerable
|
|
| xenial |
Not vulnerable
|
|
| lunar |
Not vulnerable
|
|
| bionic |
Not vulnerable
|
|
| focal |
Not vulnerable
|
|
| kinetic |
Not vulnerable
|
|
|
heimdal Launchpad, Ubuntu, Debian |
kinetic |
Ignored
(end of life, was needed)
|
| lunar |
Needed
|
|
| jammy |
Needed
|
|
| upstream |
Pending
|
|
| bionic |
Released
(7.5.0+dfsg-1ubuntu0.1)
|
|
| focal |
Released
(7.7.0+dfsg-1ubuntu1.1)
|
|
| trusty |
Released
(1.6~git20131207+dfsg-1ubuntu1.2+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| xenial |
Released
(1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
|
Patches: upstream: https://github.com/heimdal/heimdal/commit/7a19658c1f4fc4adf85bb7bea96caae5ba57b33e |
||
| Binaries built from this source package are in Universe and so are supported by the community. | ||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |