Published: 27 October 2022
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.
The focal samba update was temporarily reverted by USN 5822-2 because it introduced regressions. It was later updated again with USN 5936-1.
heimdal patch f6edaafc introduced a new issue, assigned as CVE-2022-45142.
Cvss 3 Severity Score
Severity score breakdown