Lucene search
Gentoo FoundationMGASA-2023-0098HistoryMar 19, 2023 - 1:16 a.m.
Updated heimdal packages fix security vulnerability
2023-03-1901:16:28
Gentoo Foundation
advisories.mageia.org
25
heimdal
packages
security vulnerability
cve-2022-3437
memcmp
constant time
compiler bug
backported
logic inversion
gssapi
arcfour
cve-2022-45142
unix
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.01 Low
EPSS
Percentile
83.7%
The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding β!= 0β comparisons to the result of memcmp. When these patches were backported a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted. (CVE-2022-45142)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 8 | noarch | heimdal | <Β 7.7.1-1.3 | heimdal-7.7.1-1.3.mga8 |
Related
nessus
nessus
Debian DSA-5344-1 : heimdal - security update
2023-02-09 00:00:00
Debian DLA-3311-1 : heimdal - LTS security update
2023-02-08 00:00:00
redhatcve
redhatcve
CVE-2022-45142
2023-02-09 13:26:48
CVE-2022-3437
2022-10-26 14:23:02
alpinelinux
alpinelinux
CVE-2022-45142
2023-03-06 23:15:11
CVE-2022-3437
2023-01-12 15:15:10
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0098)
2023-03-28 00:00:00
Debian: Security Advisory (DLA-3311-1)
2023-02-09 00:00:00
Debian: Security Advisory (DSA-5344-1)
2023-02-09 00:00:00
debian
debian
[SECURITY] [DLA 3311-1] heimdal security update
2023-02-08 11:57:40
[SECURITY] [DSA 5344-1] heimdal security update
2023-02-08 12:46:12
[SECURITY] [DSA 5287-1] heimdal security update
2022-11-22 19:58:01
prion
prion
Design/Logic Flaw
2023-03-06 23:15:00
Heap overflow
2023-01-12 15:15:00
nvd
nvd
CVE-2022-45142
2023-03-06 23:15:11
CVE-2022-3437
2023-01-12 15:15:10
cve
cve
CVE-2022-45142
2023-03-06 23:15:11
CVE-2022-3437
2023-01-12 15:15:10
ubuntucve
ubuntucve
CVE-2022-3437
2022-10-27 00:00:00
CVE-2022-45142
2023-02-08 00:00:00
debiancve
debiancve
CVE-2022-45142
2023-03-06 23:15:11
CVE-2022-3437
2023-01-12 15:15:10
cvelist
cvelist
CVE-2022-45142
2023-03-06 00:00:00
CVE-2022-3437
2023-01-12 00:00:00
osv
osv
CVE-2022-45142
2023-03-06 23:15:11
heimdal - security update
2023-02-08 00:00:00
heimdal - security update
2023-02-08 00:00:00
veracode
veracode
Business Logic Errors
2023-02-11 03:32:58
Buffer Overflow
2022-11-07 07:28:09
cbl_mariner
cbl_mariner
CVE-2022-45142 affecting package heimdal for versions less than 7.7.1-2
2023-03-24 23:56:03
CVE-2022-45142 affecting package heimdal 7.7.1-1
2023-04-07 04:59:28
CVE-2022-3437 affecting package samba 4.12.5-6
2024-07-05 21:08:40
cgr
cgr
CVE-2022-45142 vulnerabilities
2024-05-19 03:07:16
redos
redos
ROS-20230417-02
2023-04-17 00:00:00
ROS-20230324-01
2023-03-24 00:00:00
ubuntu
ubuntu
Heimdal vulnerabilities
2023-02-08 00:00:00
Heimdal vulnerabilities
2023-01-12 00:00:00
Samba vulnerabilities
2023-03-08 00:00:00
cloudfoundry
cloudfoundry
USN-5849-1: Heimdal vulnerabilities | Cloud Foundry
2023-02-24 00:00:00
USN-5800-1: Heimdal vulnerabilities | Cloud Foundry
2023-02-01 00:00:00
wolfi
wolfi
CVE-2022-45142 vulnerabilities
2024-07-05 21:08:40
ibm
ibm
samba
samba
Buffer overflow in Heimdal unwrap_des3()
2022-10-25 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package samba version 4.16.6-alt1
2022-10-27 00:00:00
f5
f5
K000133223 : Samba vulnerability CVE-2022-3437
2023-03-28 00:00:00
freebsd
freebsd
samba -- buffer overflow in Heimdal unwrap_des3()
2022-08-02 00:00:00
FreeBSD -- Multiple vulnerabilities in Heimdal
2022-11-15 00:00:00
slackware
slackware
[slackware-security] samba
2022-10-25 18:53:43
vulnrichment
vulnrichment
CVE-2022-3437
2023-01-12 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: samba-4.17.2-2.fc37
2022-11-10 22:53:16
[SECURITY] Fedora 36 Update: samba-4.16.6-0.fc36
2022-10-27 12:20:52
[SECURITY] Fedora 35 Update: samba-4.15.12-0.fc35
2022-12-02 06:21:54
cisa
cisa
Samba Releases Security UpdatesΒ
2022-10-26 00:00:00
gentoo
gentoo
Heimdal: Multiple Vulnerabilities
2023-10-08 00:00:00
Samba: Multiple Vulnerabilities
2023-09-17 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-22:14.heimdal
2022-11-15 00:00:00
mageia
mageia
Updated heimdal packages fix security vulnerability
2022-12-17 21:48:08
Updated samba packages fix security vulnerability
2023-01-24 10:58:24
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00
apple
apple
About the security content of macOS Ventura 13
2022-10-24 00:00:00
avleonov
avleonov
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.01 Low
EPSS
Percentile
83.7%
Related for MGASA-2023-0098