Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-5287-1:12BD4
HistoryNov 22, 2022 - 7:58 p.m.

[SECURITY] [DSA 5287-1] heimdal security update

2022-11-2219:58:01
lists.debian.org
28

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

60.3%

JSON

Debian Security Advisory DSA-5287-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
November 22, 2022 https://www.debian.org/security/faq

Package : heimdal
CVE ID : CVE-2021-3671 CVE-2021-44758 CVE-2022-3437 CVE-2022-41916
CVE-2022-42898 CVE-2022-44640
Debian Bug : 996586

Several vulnerabilities were discovered in Heimdal, an implementation of
Kerberos 5 that aims to be compatible with MIT Kerberos.

CVE-2021-3671

Joseph Sutton discovered that the Heimdal KDC does not validate that
the server name in the TGS-REQ is present before dereferencing,
which may result in denial of service.

CVE-2021-44758

It was discovered that Heimdal is prone to a NULL dereference in
acceptors where an initial SPNEGO token that has no acceptable
mechanisms, which may result in denial of service for a server
application that uses SPNEGO.

CVE-2022-3437

Several buffer overflow flaws and non-constant time leaks were
discovered when using 1DES, 3DES or RC4 (arcfour).

CVE-2022-41916

An out-of-bounds memory access was discovered when Heimdal
normalizes Unicode, which may result in denial of service.

CVE-2022-42898

It was discovered that integer overflows in PAC parsing may result
in denial of service for Heimdal KDCs or possibly Heimdal servers.

CVE-2022-44640

It was discovered that the Heimdal's ASN.1 compiler generates code
that allows specially crafted DER encodings to invoke an invalid
free on the decoded structure upon decode error, which may result in
remote code execution in the Heimdal KDC.

For the stable distribution (bullseye), these problems have been fixed in
version 7.7.0+dfsg-2+deb11u2.

We recommend that you upgrade your heimdal packages.

For the detailed security status of heimdal please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/heimdal

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian11i386libotp0-heimdal< 7.7.0+dfsg-2+deb11u2libotp0-heimdal_7.7.0+dfsg-2+deb11u2_i386.deb
Debian11mips64ellibkrb5-26-heimdal-dbgsym< 7.7.0+dfsg-2+deb11u2libkrb5-26-heimdal-dbgsym_7.7.0+dfsg-2+deb11u2_mips64el.deb
Debian11ppc64ellibkrb5-26-heimdal< 7.7.0+dfsg-2+deb11u2libkrb5-26-heimdal_7.7.0+dfsg-2+deb11u2_ppc64el.deb
Debian11ppc64ellibheimbase1-heimdal-dbgsym< 7.7.0+dfsg-2+deb11u2libheimbase1-heimdal-dbgsym_7.7.0+dfsg-2+deb11u2_ppc64el.deb
Debian11arm64libkrb5-26-heimdal-dbgsym< 7.7.0+dfsg-2+deb11u2libkrb5-26-heimdal-dbgsym_7.7.0+dfsg-2+deb11u2_arm64.deb
Debian11allheimdal-docs< 7.7.0+dfsg-2+deb11u2heimdal-docs_7.7.0+dfsg-2+deb11u2_all.deb
Debian11armhflibheimbase1-heimdal-dbgsym< 7.7.0+dfsg-2+deb11u2libheimbase1-heimdal-dbgsym_7.7.0+dfsg-2+deb11u2_armhf.deb
Debian10amd64libkadm5clnt7-heimdal< 7.5.0+dfsg-3+deb10u1libkadm5clnt7-heimdal_7.5.0+dfsg-3+deb10u1_amd64.deb
Debian10armhfheimdal-clients< 7.5.0+dfsg-3+deb10u1heimdal-clients_7.5.0+dfsg-3+deb10u1_armhf.deb
Debian11mipsellibgssapi3-heimdal-dbgsym< 7.7.0+dfsg-2+deb11u2libgssapi3-heimdal-dbgsym_7.7.0+dfsg-2+deb11u2_mipsel.deb
Rows per page:
1-10 of 4791

Related

osv 11
nessus 64
openvas 43
fedora 8
mageia 3
debian 1
ubuntu 2
cloudfoundry 2
freebsd 2
freebsd_advisory 1
gentoo 1
alpinelinux 5
prion 5
cbl_mariner 8
ubuntucve 3
debiancve 6
cve 5
veracode 5
redhatcve 2
redhat 5
cisa 1
amazon 1
altlinux 3
ibm 3
oraclelinux 3
f5 2
almalinux 1
centos 1
rocky 1
samba 1
osv
osv
heimdal - security update
2022-11-22 00:00:00
heimdal - security update
2022-11-26 00:00:00
heimdal vulnerabilities
2023-01-12 17:12:53
nessus
nessus
Fedora 36 : heimdal (2022-dba9ba8e2b)
2022-12-22 00:00:00
Fedora 35 : heimdal (2022-cbbd105d08)
2022-12-23 00:00:00
Debian DSA-5287-1 : heimdal - security update
2022-11-23 00:00:00
openvas
openvas
Fedora: Security Advisory for heimdal (FEDORA-2022-2c77cee4b5)
2022-11-30 00:00:00
Fedora: Security Advisory for heimdal (FEDORA-2022-cbbd105d08)
2022-11-30 00:00:00
Debian: Security Advisory (DSA-5287-1)
2022-11-24 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: heimdal-7.7.1-3.fc35
2022-11-30 01:38:55
[SECURITY] Fedora 36 Update: heimdal-7.7.1-3.fc36
2022-11-30 01:35:59
[SECURITY] Fedora 37 Update: heimdal-7.7.1-3.fc37
2022-11-30 01:36:43
mageia
mageia
Updated heimdal packages fix security vulnerability
2022-12-17 21:48:08
Updated heimdal packages fix security vulnerability
2021-12-08 23:04:18
Updated krb5 packages fix security vulnerability
2022-12-17 21:48:08
debian
debian
[SECURITY] [DLA 3206-1] heimdal security update
2022-11-26 20:21:42
ubuntu
ubuntu
Heimdal vulnerabilities
2023-01-12 00:00:00
Heimdal vulnerability
2022-12-07 00:00:00
cloudfoundry
cloudfoundry
USN-5800-1: Heimdal vulnerabilities | Cloud Foundry
2023-02-01 00:00:00
USN-5766-1-Heimdal-vulnerability | Cloud Foundry
2023-01-13 00:00:00
freebsd
freebsd
FreeBSD -- Multiple vulnerabilities in Heimdal
2022-11-15 00:00:00
samba -- buffer overflow in Heimdal unwrap_des3()
2022-08-02 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-22:14.heimdal
2022-11-15 00:00:00
gentoo
gentoo
Heimdal: Multiple Vulnerabilities
2023-10-08 00:00:00
alpinelinux
alpinelinux
CVE-2021-44758
2022-12-26 05:15:00
CVE-2022-41916
2022-11-15 23:15:00
CVE-2022-44640
2022-12-25 05:15:00
prion
prion
Code injection
2022-12-25 05:15:00
Null pointer dereference
2022-12-26 05:15:00
Denial of service
2022-11-15 23:15:00
cbl_mariner
cbl_mariner
CVE-2022-44640 affecting package heimdal 7.7.0-5
2023-01-29 21:01:57
CVE-2022-41916 affecting package heimdal 7.7.0-5
2023-01-29 21:01:57
CVE-2022-41916 affecting package heimdal 7.7.0-8
2023-01-03 20:57:28
ubuntucve
ubuntucve
CVE-2022-44640
2022-12-25 00:00:00
CVE-2022-41916
2022-11-15 00:00:00
CVE-2021-44758
2022-12-26 00:00:00
debiancve
debiancve
CVE-2021-44758
2022-12-26 05:15:00
CVE-2022-41916
2022-11-15 23:15:00
CVE-2022-44640
2022-12-25 05:15:00
cve
cve
CVE-2022-41916
2022-11-15 23:15:00
CVE-2022-44640
2022-12-25 05:15:00
CVE-2021-44758
2022-12-26 05:15:00
veracode
veracode
Remote Code Execution (RCE)
2022-11-24 13:35:06
Denial Of Service (DoS)
2022-11-24 13:09:08
Denial Of Service
2022-11-23 05:49:26
redhatcve
redhatcve
CVE-2021-3671
2021-10-12 04:49:54
CVE-2022-3437
2022-10-26 14:23:02
redhat
redhat
(RHSA-2022:9029) Important: Red Hat Virtualization Host security update [ovirt-4.5.3-3]
2022-12-14 14:12:25
(RHSA-2022:8639) Important: krb5 security update
2022-11-28 09:36:41
(RHSA-2022:8638) Important: krb5 security update
2022-11-28 09:21:44
cisa
cisa
Samba Releases Security Updates
2022-11-16 00:00:00
amazon
amazon
Important: krb5
2023-01-18 20:56:00
altlinux
altlinux
Security fix for the ALT Linux 10 package samba version 4.14.8-alt1
2021-10-20 00:00:00
Security fix for the ALT Linux 9 package krb5 version 1.17.2-alt4
2022-11-24 00:00:00
Security fix for the ALT Linux 10 package samba version 4.16.6-alt1
2022-10-27 00:00:00
ibm
ibm
Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2022-3437)
2023-03-07 16:41:57
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in MIT krb5 (CVE-2022-42898).
2023-03-31 17:55:17
Security Bulletin: IBM Security Guardium is affected by a denial of service vulnerability in MIT keb5 (CVE-2022-42898)
2023-09-19 19:52:23
oraclelinux
oraclelinux
krb5 security update
2023-02-09 00:00:00
krb5 security update
2022-11-29 00:00:00
krb5 security update
2022-11-28 00:00:00
f5
f5
SAMBA vulnerability CVE-2022-42898
2022-11-29 22:49:00
K000133223 : Samba vulnerability CVE-2022-3437
2023-03-28 00:00:00
almalinux
almalinux
Important: krb5 security update
2022-11-28 00:00:00
centos
centos
krb5, libkadm5 security update
2022-11-30 23:03:16
rocky
rocky
krb5 security update
2022-11-28 09:18:18
samba
samba
Buffer overflow in Heimdal unwrap_des3()
2022-10-25 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

60.3%

JSON
Related for DEBIAN:DSA-5287-1:12BD4
osv11nessus64openvas43fedora8mageia3debian1ubuntu2cloudfoundry2freebsd2freebsd_advisory1gentoo1alpinelinux5prion5cbl_mariner8ubuntucve3debiancve6cve5veracode5redhatcve2redhat5cisa1amazon1altlinux3ibm3oraclelinux3f52almalinux1centos1rocky1samba1