CVE-2022-41916
Read one byte past a buffer when normalizing Unicode
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.
Heimdal es una implementación de ASN.1/DER, PKIX y Kerberos. Las versiones anteriores a la 7.7.1 son vulnerables a una vulnerabilidad de denegación de servicio en la biblioteca de validación de certificados PKI de Heimdal, lo que afecta a KDC (a través de PKINIT) y kinit (a través de PKINIT), así como a cualquier aplicación de terceros que utilice libhx509 de Heimdal. Los usuarios deben actualizar a Heimdal 7.7.1 o 7.8. No se conocen workarounds para este problema.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-09-30 CVE Reserved
- 2022-11-15 CVE Published
- 2024-07-06 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-193: Off-by-one Error
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx | Third Party Advisory | |
https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html | Mailing List | |
https://security.netapp.com/advisory/ntap-20230216-0008 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://security.gentoo.org/glsa/202310-06 | 2023-10-08 | |
https://www.debian.org/security/2022/dsa-5287 | 2023-10-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Heimdal Project Search vendor "Heimdal Project" | Heimdal Search vendor "Heimdal Project" for product "Heimdal" | < 7.7.1 Search vendor "Heimdal Project" for product "Heimdal" and version " < 7.7.1" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
|