Lucene search

K

Heimdal Security Vulnerabilities

cve
cve

CVE-2004-0434

k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer...

9.8CVSS

9.7AI Score

0.059EPSS

2004-07-07 04:00 AM
40
cve
cve

CVE-2019-12098

In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in...

7.4CVSS

6.9AI Score

0.004EPSS

2019-05-15 11:29 PM
210
cve
cve

CVE-2022-41916

Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's....

7.5CVSS

8.1AI Score

0.003EPSS

2022-11-15 11:15 PM
125
8
cve
cve

CVE-2022-44640

Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center...

9.8CVSS

9.6AI Score

0.014EPSS

2022-12-25 05:15 AM
144
cve
cve

CVE-2021-44758

Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to...

7.5CVSS

8.1AI Score

0.001EPSS

2022-12-26 05:15 AM
128
cve
cve

CVE-2022-42898

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of...

8.8CVSS

9.2AI Score

0.005EPSS

2022-12-25 06:15 AM
688
2
cve
cve

CVE-2022-45142

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion...

7.5CVSS

7AI Score

0.01EPSS

2023-03-06 11:15 PM
212
cve
cve

CVE-2022-3116

The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to...

7.5CVSS

7.3AI Score

0.001EPSS

2023-03-27 10:15 PM
82
cve
cve

CVE-2018-16860

A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name...

7.5CVSS

6.2AI Score

0.003EPSS

2019-07-31 03:15 PM
356
cve
cve

CVE-2017-17439

In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the....

7.5CVSS

7.3AI Score

0.66EPSS

2017-12-06 03:29 PM
56
cve
cve

CVE-2017-6594

The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued...

7.5CVSS

7.4AI Score

0.002EPSS

2017-08-28 07:29 PM
33
cve
cve

CVE-2017-11103

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version...

8.1CVSS

7.9AI Score

0.047EPSS

2017-07-13 01:29 PM
476
cve
cve

CVE-2011-4862

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as....

7.3AI Score

0.969EPSS

2011-12-25 01:55 AM
276
2
cve
cve

CVE-2007-5939

The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is...

6.5AI Score

0.02EPSS

2007-12-06 03:46 PM
21
cve
cve

CVE-2006-3084

The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it...

6.2AI Score

0.0004EPSS

2006-08-09 10:04 AM
72
cve
cve

CVE-2006-3083

The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop...

6.2AI Score

0.0004EPSS

2006-08-09 10:04 AM
44