PT-2022-26146 · Heimdal+4 · Heimdal+4

Lownicowilliams

Published: 2022-11-15 · Updated: 2024-08-12 · CVE-2022-41916

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Heimdal versions prior to 7.7.1

Description

Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. The issue affects Heimdal's PKI certificate validation library, impacting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. This results in a denial of service vulnerability.

Recommendations

For versions prior to 7.7.1, upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.

Exploit

Fix

DoS


Weakness Enumeration

Related Identifiers

AZL-11457
AZL-44835
CVE-2022-41916
DLA-3206-1
DSA-5287-1
GHSA-MGQR-GVH6-23CX
MGASA-2022-0468
OPENSUSE-SU-2023:0019-1
OPENSUSE-SU-2023:0020-1
OPENSUSE-SU-2024:12580-1
ROSA-SA-2024-2419
USN-5766-1

Affected Products

Astra Linux
Heimdal
Linuxmint
Red Os
Ubuntu