
CVE-2022-45142 – Gentoo Linux Security Advisory 202310-06
https://notcve.org/view.php?id=CVE-2022-45142
08 Feb 2023 — The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted. Helmut Grohne discovered a flaw in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos. The... • https://security.gentoo.org/glsa/202310-06 • CWE-354: Improper Validation of Integrity Check Value •

CVE-2021-44758 – Gentoo Linux Security Advisory 202310-06
https://notcve.org/view.php?id=CVE-2021-44758
23 Nov 2022 — Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept. It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A remote attac... • https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580 • CWE-476: NULL Pointer Dereference •

CVE-2022-44640 – Gentoo Linux Security Advisory 202310-06
https://notcve.org/view.php?id=CVE-2022-44640
23 Nov 2022 — Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC). It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A remote attacker could possibly use this issue to cause a denial of service. Evgeny Legerov dis... • https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4 •

CVE-2022-42898 – krb5: integer overflow vulnerabilities in PAC parsing
https://notcve.org/view.php?id=CVE-2022-42898
21 Nov 2022 — PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug." • https://bugzilla.samba.org/show_bug.cgi?id=15203 • CWE-190: Integer Overflow or Wraparound •

CVE-2022-41916 – Read one byte past a buffer when normalizing Unicode
https://notcve.org/view.php?id=CVE-2022-41916
15 Nov 2022 — Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue. • https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx • CWE-193: Off-by-one Error •

CVE-2022-3116 – Ubuntu Security Notice USN-5675-1
https://notcve.org/view.php?id=CVE-2022-3116
17 Oct 2022 — The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereference. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash. Isaac Boukris and Andrew Bartlett discovered that Heimdal's KDC was not properly performing checksum algorithm verifications in the S4U2Self extension module. An attacker could possibly use this issue to perform a machine-in-the-middle attack and request S4U2Self tickets for any user known by... • https://security.netapp.com/advisory/ntap-20230505-0010 • CWE-476: NULL Pointer Dereference •

CVE-2019-12098 – Ubuntu Security Notice USN-5675-1
https://notcve.org/view.php?id=CVE-2019-12098
15 May 2019 — In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c. Isaac Boukris and Andrew Bartlett discove... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00002.html •

CVE-2018-16860 – Ubuntu Security Notice USN-5675-1
https://notcve.org/view.php?id=CVE-2018-16860
14 May 2019 — A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html • CWE-358: Improperly Implemented Security Check for Standard •

CVE-2017-17439
https://notcve.org/view.php?id=CVE-2017-17439
06 Dec 2017 — In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c. • http://h5l.org/advisories.html?show=2017-12-08 • CWE-476: NULL Pointer Dereference •

CVE-2017-6594
https://notcve.org/view.php?id=CVE-2017-6594
28 Aug 2017 — The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets. • http://lists.opensuse.org/opensuse-updates/2017-08/msg00062.html • CWE-295: Improper Certificate Validation •