The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted.

🗓️ 14 Mar 2023 07:00:00Reported by MicrosoftType

Backported CVE-2022-3437 altered memcmp timing and added !=0 checks, reversing MIC validation.

Reporter	Title	Published	Views	Family All 244
FreeBSD	samba -- buffer overflow in Heimdal unwrap_des3()	2 Aug 202200:00	–	freebsd
FreeBSD	FreeBSD -- Multiple vulnerabilities in Heimdal	15 Nov 202200:00	–	freebsd
IBM Security Bulletins	Security Bulletin: CVE-2022-45142, CVE-2022-4304, CVE-2022-4450 and CVE-2023-0215 may affect IBM CICS TX Advanced 10.1	22 Jun 202317:23	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2022-3437)	7 Mar 202316:41	–	ibm
ATTACKERKB	CVE-2022-3437	12 Jan 202315:15	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : libnetapi, libnetapi-devel, libsmbclient (ALAS2023-2023-032)	21 Mar 202300:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: samba (CVE-2022-3437)	22 Jan 202600:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: heimdal (CVE-2022-45142)	29 Mar 202500:00	–	nessus
Tenable Nessus	Debian dla-3206 : heimdal-clients - security update	27 Nov 202200:00	–	nessus
Tenable Nessus	Debian dla-3311 : heimdal-clients - security update	8 Feb 202300:00	–	nessus