Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2022-3116

Published: 7 October 2022

The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash.

Notes

AuthorNote
sbeattie
VU#730793
believed to to be fixed by 7a19658c1 ("spnego: Fix NULL
deref")
believed to be introduced by b53c90da0 ("Make error reporting
somewhat more correct for SPNEGO.")
samba contains an embedded code copy of heimdal, but does not
use heimdal for SPNEGO

Priority

Medium

Cvss 3 Severity Score

7.5

Score breakdown

Status

Package Release Status
samba
Launchpad, Ubuntu, Debian
jammy Not vulnerable

trusty Not vulnerable

upstream Not vulnerable

xenial Not vulnerable

lunar Not vulnerable

bionic Not vulnerable

focal Not vulnerable

kinetic Not vulnerable

heimdal
Launchpad, Ubuntu, Debian
kinetic Ignored
(end of life, was needed)
lunar Needed

jammy Needed

upstream Pending

bionic
Released (7.5.0+dfsg-1ubuntu0.1)
focal
Released (7.7.0+dfsg-1ubuntu1.1)
trusty
Released (1.6~git20131207+dfsg-1ubuntu1.2+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
xenial
Released (1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
Patches:
upstream: https://github.com/heimdal/heimdal/commit/7a19658c1f4fc4adf85bb7bea96caae5ba57b33e
Binaries built from this source package are in Universe and so are supported by the community.

Severity score breakdown

Parameter Value
Base score 7.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H