Lucene search
Alpine Linux Development TeamALPINE:CVE-2022-42898HistoryDec 25, 2022 - 6:15 a.m.
CVE-2022-42898
2022-12-2506:15:09
Alpine Linux Development Team
security.alpinelinux.org
23
cve-2022-42898
integer overflows
remote code execution
denial of service
heap-based buffer overflow
krb5_pac_parse
heimdal bug
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
9.4
Confidence
High
EPSS
0.007
Percentile
80.5%
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has “a similar bug.”
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | edge-main | noarch | heimdal | < 7.7.1-r0 | UNKNOWN |
| Alpine | edge-main | noarch | krb5 | < 1.20.1-r0 | UNKNOWN |
| Alpine | edge-main | noarch | samba | < 4.16.7-r0 | UNKNOWN |
| Alpine | 3.14-main | noarch | heimdal | < 7.7.1-r0 | UNKNOWN |
| Alpine | 3.15-main | noarch | heimdal | < 7.7.1-r0 | UNKNOWN |
| Alpine | 3.15-main | noarch | krb5 | < 1.19.4-r0 | UNKNOWN |
| Alpine | 3.15-main | noarch | samba | < 4.15.12-r0 | UNKNOWN |
| Alpine | 3.16-main | noarch | heimdal | < 7.7.1-r0 | UNKNOWN |
| Alpine | 3.16-main | noarch | krb5 | < 1.19.4-r0 | UNKNOWN |
| Alpine | 3.16-main | noarch | samba | < 4.15.12-r0 | UNKNOWN |
Related
openvas
openvas
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2023-1136)
2023-01-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:0198-1)
2023-01-30 00:00:00
Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2023-1321)
2023-02-09 00:00:00
nessus
nessus
SUSE SLES12 Security Update : krb5 (SUSE-SU-2022:4335-1)
2022-12-07 00:00:00
RHEL 8 : krb5 (RHSA-2022:8639)
2022-11-28 00:00:00
EulerOS 2.0 SP5 : krb5 (EulerOS-SA-2023-2153)
2023-06-09 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-11-21 15:06:29
debiancve
debiancve
CVE-2022-42898
2022-12-25 06:15:09
fedora
fedora
[SECURITY] Fedora 37 Update: samba-4.17.3-0.fc37
2022-11-18 01:18:28
[SECURITY] Fedora 37 Update: krb5-1.19.2-13.fc37
2022-11-22 01:37:30
[SECURITY] Fedora 36 Update: krb5-1.19.2-12.fc36
2022-11-22 01:20:35
amazon
amazon
Important: krb5
2023-01-18 20:56:00
Important: krb5
2023-01-31 20:44:00
Important: krb5
2023-01-18 00:17:00
cisa
cisa
Samba Releases Security Updates
2022-11-16 00:00:00
redhat
redhat
(RHSA-2022:8637) Important: krb5 security update
2022-11-28 09:18:18
(RHSA-2022:9029) Important: Red Hat Virtualization Host security update [ovirt-4.5.3-3]
2022-12-14 14:12:25
(RHSA-2022:8638) Important: krb5 security update
2022-11-28 09:21:44
cbl_mariner
cbl_mariner
CVE-2022-42898 affecting package samba 4.12.5-6
2024-09-27 09:12:43
CVE-2022-42898 affecting package heimdal 7.7.0-5
2023-01-29 21:01:57
CVE-2022-42898 affecting package krb5 1.18.4-2
2023-01-29 21:01:58
osv
osv
ctdb-4.17.3+git.279.ff9bb8a298-1.1 on GA media
2024-06-15 00:00:00
krb5 - security update
2022-11-29 00:00:00
Important: krb5 security update
2022-11-28 09:18:18
f5
f5
SAMBA vulnerability CVE-2022-42898
2022-11-29 22:49:00
altlinux
altlinux
Security fix for the ALT Linux 9 package krb5 version 1.17.2-alt4
2022-11-24 00:00:00
Security fix for the ALT Linux 10 package samba version 4.16.7-alt1
2022-11-22 00:00:00
prion
prion
Integer overflow
2022-12-25 06:15:00
rocky
rocky
krb5 security update
2022-11-28 09:18:18
krb5 security update
2022-11-28 09:21:44
oraclelinux
oraclelinux
krb5 security update
2022-11-29 00:00:00
krb5 security update
2023-02-09 00:00:00
krb5 security update
2022-11-29 00:00:00
ibm
ibm
Security Bulletin: IBM Security Guardium is affected by a denial of service vulnerability in MIT keb5 (CVE-2022-42898)
2023-09-19 19:52:23
almalinux
almalinux
Important: krb5 security update
2022-11-28 00:00:00
Important: krb5 security update
2022-11-28 00:00:00
centos
centos
krb5, libkadm5 security update
2022-11-30 23:03:16
cve
cve
CVE-2022-42898
2022-12-25 06:15:09
samba
samba
Samba buffer overflow vulnerabilities on 32-bit
2022-11-15 00:00:00
redhatcve
redhatcve
CVE-2022-42898
2022-11-15 19:56:22
slackware
slackware
[slackware-security] samba
2022-11-17 02:00:41
[slackware-security] krb5
2022-11-17 01:59:39
debian
debian
[SECURITY] [DSA 5286-1] krb5 security update
2022-11-19 13:31:00
[SECURITY] [DLA 3213-1] krb5 security update
2022-11-29 15:07:54
mageia
mageia
Updated krb5 packages fix security vulnerability
2022-12-17 21:48:08
nvd
nvd
CVE-2022-42898
2022-12-25 06:15:09
ubuntucve
ubuntucve
CVE-2022-42898
2022-12-25 00:00:00
cloudlinux
cloudlinux
krb5: Fix of CVE-2022-42898
2022-12-12 19:47:31
cvelist
cvelist
CVE-2022-42898
2022-12-25 00:00:00
freebsd
freebsd
krb5 -- Integer overflow vulnerabilities in PAC parsing
2022-11-05 00:00:00
ubuntu
ubuntu
Kerberos vulnerabilities
2023-01-25 00:00:00
cloudfoundry
cloudfoundry
USN-5828-1: Kerberos vulnerabilities | Cloud Foundry
2023-02-24 00:00:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
9.4
Confidence
High
EPSS
0.007
Percentile
80.5%
Related for ALPINE:CVE-2022-42898