Lucene search

5 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in heimdal, samba

A heap-based buffer overflow vulnerability was discovered in Samba, within the GSSAPI unwrap_des and unwrap_des3 routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow for a length-limited write buffer overflow on memory allocated by malloc, when a...

CVSS 6.5, AI score 6.8, EPSS 0.00727
Exploits 0, References 2
Tenable Nessus
added 2026/01/22 12:0 a.m., 2 views

Azure Linux 3.0 Security Update: samba (CVE-2022-3437)

The version of samba installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3437 advisory. - A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des and unwrap_des3...

CVSS 6.5, AI score 5.9, EPSS 0.00727
Exploits 0, References 2
OSV
added 2023/12/19 6:48 p.m., 2 views

CLSA-2023-1703011710 Fix CVE(s): CVE-2022-3437

SECURITY UPDATE: A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des and unwrap_des3 routines of Heimdal - debian/patches/CVE-2022-3437-1.patch: thirdparty/heimdal: use constant-time memcmp for arcfour unwrap - debian/patches/CVE-2022-3437-3.patch:...

CVSS 6.5, AI score 6.7, EPSS 0.00727
Exploits 0, References 1
OSV
added 2023/02/02 9:14 p.m., 2 views

CLSA-2023-1675372486 Fix CVE(s): CVE-2022-3437

SECURITY UPDATE: heap-based buffer overflows in Heimdal ARC4 and DES3 - debian/patches/CVE-2022-3437.patch: add extra NULL pointer and buffer boundaries checks, fix undefined behaviour and input data length calculations, remove accidentally duplicated code in arcfour.c - CVE-2022-3437...

CVSS 6.5, AI score 6.8, EPSS 0.00727
Exploits 0, References 1
ATTACKERKB
added 2022/01/18 9:15 p.m., 4 views

CVE-2022-23408

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections without AEAD using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c...

CVSS 9.1, AI score 7.3, EPSS 0.00282
Exploits 0, References 3