CVE-2022-3437

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Samba (affected versions not specified)

Description A heap-based buffer overflow issue was found in the GSSAPI unwrap des() and unwrap des3() routines of Heimdal, which is part of the Samba network interaction program. This issue allows a remote user to send specially crafted malicious data, possibly resulting in a denial of service (DoS) attack. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122

Related Identifiers

ALT-PU-2022-2946

ALT-PU-2022-3052

ALT-PU-2024-14683

AZL-12995

AZL-37016

BDU:2022-06493

CVE-2022-3437

DLA-3206-1

DLA-3311-1

DLA-3792-1

DSA-5287-1

DSA-5344-1

DSA-5647-1

MGASA-2022-0468

MGASA-2023-0010

OESA-2022-2038

OPENSUSE-SU-2022_4395-1

OPENSUSE-SU-2023:0019-1

OPENSUSE-SU-2023:0020-1

OPENSUSE-SU-2023_0160-1

OPENSUSE-SU-2024:12454-1

OPENSUSE-SU-2024:12580-1

SUSE-SU-2022:4395-1

SUSE-SU-2023:0081-1

SUSE-SU-2023:0160-1

USN-5800-1

USN-5822-1

USN-5822-2

USN-5936-1

USN-7582-1

USN-7582-2

Affected Products

Alt Linux

Astra Linux

Freebsd

Heimdal

Linuxmint

Apple Macos

Red Os

Samba

Suse

Ubuntu

CVE-2022-3437

Weakness Enumeration

Related Identifiers

Affected Products

References · 148