Search CVE reports
1 – 10 of 23 results
CVE-2022-45142
Medium prioritySome fixes available 4 of 10
The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1...
1 affected package
heimdal
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
heimdal | Vulnerable | Needs evaluation | Fixed | Fixed | Fixed |
CVE-2021-44758
Medium prioritySome fixes available 4 of 10
Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.
1 affected package
heimdal
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
heimdal | Vulnerable | Vulnerable | Fixed | Fixed | Fixed |
CVE-2022-42898
Medium prioritySome fixes available 13 of 22
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which...
3 affected packages
heimdal, krb5, samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
heimdal | Vulnerable | Vulnerable | Fixed | Fixed | Fixed |
krb5 | Not affected | Fixed | Fixed | Fixed | Fixed |
samba | Not affected | Fixed | Fixed | Vulnerable | Needs evaluation |
CVE-2022-44640
Medium prioritySome fixes available 4 of 10
Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).
2 affected packages
heimdal, samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
heimdal | Vulnerable | Vulnerable | Fixed | Fixed | Fixed |
samba | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-41916
Medium prioritySome fixes available 4 of 10
Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit...
1 affected package
heimdal
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
heimdal | Vulnerable | Vulnerable | Fixed | Fixed | Fixed |
CVE-2022-3437
Medium prioritySome fixes available 11 of 16
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited...
2 affected packages
heimdal, samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
heimdal | Not affected | Vulnerable | Fixed | Fixed | Fixed |
samba | Fixed | Fixed | Fixed | Vulnerable | Needs evaluation |
CVE-2022-3116
Medium prioritySome fixes available 4 of 10
The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash.
2 affected packages
heimdal, samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
heimdal | Vulnerable | Vulnerable | Fixed | Fixed | Fixed |
samba | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2021-3671
Low prioritySome fixes available 14 of 18
A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.
2 affected packages
heimdal, samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
heimdal | Not affected | Not affected | Fixed | Fixed | Fixed |
samba | Fixed | Fixed | Fixed | Fixed | Vulnerable |
CVE-2019-12098
Low prioritySome fixes available 3 of 5
In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.
1 affected package
heimdal
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
heimdal | — | Not affected | Not affected | Fixed | Fixed |
CVE-2018-16860
Medium prioritySome fixes available 11 of 13
A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this...
2 affected packages
heimdal, samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
heimdal | — | Not affected | Not affected | Fixed | Fixed |
samba | — | Fixed | Fixed | Fixed | Fixed |