Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2022-45142HistoryMar 06, 2023 - 11:15 p.m.
CVE-2022-45142
2023-03-0623:15:11
Debian Security Bug Tracker
security-tracker.debian.org
25
cve-2022-3437
heimdal-7.7.1
heimdal-7.8.0
logic inversion
gssapi/arcfour
message integrity codes
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.022
Percentile
89.6%
The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding “!= 0” comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | heimdal | < 7.8.git20221117.28daf24+dfsg-1.1 | heimdal_7.8.git20221117.28daf24+dfsg-1.1_all.deb |
| Debian | 11 | all | heimdal | < 7.7.0+dfsg-2+deb11u3 | heimdal_7.7.0+dfsg-2+deb11u3_all.deb |
| Debian | 999 | all | heimdal | < 7.8.git20221117.28daf24+dfsg-1.1 | heimdal_7.8.git20221117.28daf24+dfsg-1.1_all.deb |
| Debian | 13 | all | heimdal | < 7.8.git20221117.28daf24+dfsg-1.1 | heimdal_7.8.git20221117.28daf24+dfsg-1.1_all.deb |
Related
nessus
nessus
Debian DSA-5344-1 : heimdal - security update
2023-02-09 00:00:00
Debian DLA-3311-1 : heimdal - LTS security update
2023-02-08 00:00:00
prion
prion
Design/Logic Flaw
2023-03-06 23:15:00
Heap overflow
2023-01-12 15:15:00
debian
debian
[SECURITY] [DLA 3311-1] heimdal security update
2023-02-08 11:57:40
[SECURITY] [DSA 5344-1] heimdal security update
2023-02-08 12:46:12
[SECURITY] [DSA 5287-1] heimdal security update
2022-11-22 19:58:01
nvd
nvd
CVE-2022-45142
2023-03-06 23:15:11
CVE-2022-3437
2023-01-12 15:15:10
redhatcve
redhatcve
CVE-2022-45142
2023-02-09 13:26:48
CVE-2022-3437
2022-10-26 14:23:02
mageia
mageia
Updated heimdal packages fix security vulnerability
2023-03-19 01:16:28
Updated samba packages fix security vulnerability
2023-01-24 10:58:24
Updated heimdal packages fix security vulnerability
2022-12-17 21:48:08
alpinelinux
alpinelinux
CVE-2022-45142
2023-03-06 23:15:11
CVE-2022-3437
2023-01-12 15:15:10
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0098)
2023-03-28 00:00:00
Debian: Security Advisory (DLA-3311-1)
2023-02-09 00:00:00
Debian: Security Advisory (DSA-5344-1)
2023-02-09 00:00:00
ubuntucve
ubuntucve
CVE-2022-45142
2023-02-08 00:00:00
CVE-2022-3437
2022-10-27 00:00:00
osv
osv
CVE-2022-45142
2023-03-06 23:15:11
heimdal - security update
2023-02-08 00:00:00
heimdal - security update
2023-02-08 00:00:00
cve
cve
CVE-2022-45142
2023-03-06 23:15:11
CVE-2022-3437
2023-01-12 15:15:10
cvelist
cvelist
CVE-2022-45142
2023-03-06 00:00:00
CVE-2022-3437
2023-01-12 00:00:00
veracode
veracode
Business Logic Errors
2023-02-11 03:32:58
Buffer Overflow
2022-11-07 07:28:09
redos
redos
ROS-20230417-02
2023-04-17 00:00:00
ROS-20230324-01
2023-03-24 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-45142 affecting package heimdal 7.7.1-1
2023-04-07 04:59:28
CVE-2022-45142 affecting package heimdal for versions less than 7.7.1-2
2023-03-24 23:56:03
CVE-2022-3437 affecting package samba 4.12.5-6
2024-09-30 03:52:42
ubuntu
ubuntu
Heimdal vulnerabilities
2023-02-08 00:00:00
Heimdal vulnerabilities
2023-01-12 00:00:00
Samba vulnerabilities
2023-03-08 00:00:00
cloudfoundry
cloudfoundry
USN-5849-1: Heimdal vulnerabilities | Cloud Foundry
2023-02-24 00:00:00
USN-5800-1: Heimdal vulnerabilities | Cloud Foundry
2023-02-01 00:00:00
wolfi
wolfi
CVE-2022-45142 vulnerabilities
2024-09-30 03:53:08
cgr
cgr
CVE-2022-45142 vulnerabilities
2024-05-19 03:07:16
freebsd
freebsd
samba -- buffer overflow in Heimdal unwrap_des3()
2022-08-02 00:00:00
FreeBSD -- Multiple vulnerabilities in Heimdal
2022-11-15 00:00:00
debiancve
debiancve
CVE-2022-3437
2023-01-12 15:15:10
ibm
ibm
f5
f5
K000133223 : Samba vulnerability CVE-2022-3437
2023-03-28 00:00:00
samba
samba
Buffer overflow in Heimdal unwrap_des3()
2022-10-25 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package samba version 4.16.6-alt1
2022-10-27 00:00:00
slackware
slackware
[slackware-security] samba
2022-10-25 18:53:43
vulnrichment
vulnrichment
CVE-2022-3437
2023-01-12 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: samba-4.16.6-0.fc36
2022-10-27 12:20:52
[SECURITY] Fedora 37 Update: samba-4.17.2-2.fc37
2022-11-10 22:53:16
[SECURITY] Fedora 35 Update: samba-4.15.12-0.fc35
2022-12-02 06:21:54
cisa
cisa
Samba Releases Security Updates
2022-10-26 00:00:00
gentoo
gentoo
Heimdal: Multiple Vulnerabilities
2023-10-08 00:00:00
Samba: Multiple Vulnerabilities
2023-09-17 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-22:14.heimdal
2022-11-15 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2451
2024-07-15 09:04:20
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00
apple
apple
About the security content of macOS Ventura 13
2022-10-24 00:00:00
avleonov
avleonov
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.022
Percentile
89.6%
Related for DEBIANCVE:CVE-2022-45142