PT-2022-6537 · Heimdal+4

Helmut Grohne

·

Published

2022-12-09

·

Updated

2025-01-28

·

CVE-2022-45142

CVSS v2.0

7.8

High

Vector AV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions: heimdal versions 7.7.1 through 7.8.0
Description: The issue lies in heimdal's implementation of the Kerberos 5 protocol, specifically in the validation of message integrity codes (MICs) in the gssapi/arcfour code. A correction to an earlier weakness replaced the MIC comparison with a constant-time memcmp but inverted the logic applied to its result, so the verdict is the opposite of what it should be: a MIC that matches is treated as bad, and a MIC that does not match is accepted. A remote attacker can therefore supply a forged MIC that passes validation, with full impact on integrity (CVSS v2 I:C) and none on confidentiality or availability.
Recommendations: For heimdal versions 7.7.1 through 7.8.0, apply the original fix for the earlier issue without the logic inversion: keep the replacement of memcmp by a constant-time comparison, and test its result with "!= 0" so that only a mismatch is rejected. Distribution users should apply the vendor updates listed under Related Identifiers (for example DSA-5344-1, DLA-3311-1 and USN-5849-1). At the time of writing, no newer upstream heimdal release containing the fix is recorded here.
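The following C program is an added illustration of the check described above; it is not Heimdal's code. The checksum function (`toy_mic`), the constant-time compare (`ct_memcmp`), the status values and the sample key and payload are all constructed for the example. It places the inverted comparison (`== 0` on the compare result, then "true means bad MIC") next to the corrected form (`!= 0`), and shows that the inverted variant rejects a genuine MIC while accepting a forged one.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MIC_LEN 8
/* Illustrative status values; they stand in for GSS_S_COMPLETE / GSS_S_BAD_MIC
 * and are not Heimdal's numeric codes. */
#define STATUS_OK      0
#define STATUS_BAD_MIC 1

/* Constant-time compare with memcmp's zero / non-zero contract: returns 0 only
 * when every byte matches, otherwise the OR of all byte differences. */
static int ct_memcmp(const void *a, const void *b, size_t n)
{
    const unsigned char *pa = a, *pb = b;
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(pa[i] ^ pb[i]);
    return diff;
}

/* Toy 8-byte keyed checksum (constructed for the example; NOT the real ARCFOUR
 * mechanism MIC). It only needs to depend on both key and data. */
static void toy_mic(const uint8_t key[MIC_LEN], const uint8_t *msg, size_t len,
                    uint8_t out[MIC_LEN])
{
    for (size_t i = 0; i < MIC_LEN; i++)
        out[i] = key[i];
    for (size_t i = 0; i < len; i++) {
        size_t j = i % MIC_LEN;
        uint8_t rot = (uint8_t)((out[j] << 1) | (out[j] >> 7));
        out[j] = (uint8_t)(rot ^ msg[i] ^ key[(i + 3) % MIC_LEN]);
    }
}

/* Shape of the vulnerable check: cmp is true when the MICs MATCH, and a true
 * cmp is treated as failure. Genuine tokens are rejected, forged ones accepted. */
static int verify_mic_inverted(const uint8_t key[MIC_LEN], const uint8_t *msg,
                               size_t len, const uint8_t mic[MIC_LEN])
{
    uint8_t expected[MIC_LEN];
    int cmp;

    toy_mic(key, msg, len, expected);
    cmp = (ct_memcmp(expected, mic, MIC_LEN) == 0);   /* BUG: inverted */
    if (cmp)
        return STATUS_BAD_MIC;
    return STATUS_OK;
}

/* Corrected check: constant-time compare kept, result tested with "!= 0" so
 * that only a MISMATCH is a failure. */
static int verify_mic_fixed(const uint8_t key[MIC_LEN], const uint8_t *msg,
                            size_t len, const uint8_t mic[MIC_LEN])
{
    uint8_t expected[MIC_LEN];
    int cmp;

    toy_mic(key, msg, len, expected);
    cmp = (ct_memcmp(expected, mic, MIC_LEN) != 0);   /* correct */
    if (cmp)
        return STATUS_BAD_MIC;
    return STATUS_OK;
}

/* Runs both variants against a genuine MIC and a one-bit-flipped forgery.
 * results[0..3] = inverted/genuine, inverted/forged, fixed/genuine, fixed/forged.
 * Returns 1 when the inverted variant flips both verdicts, 0 otherwise. */
int demonstrate(int results[4])
{
    /* Constructed sample key and payload. */
    static const uint8_t key[MIC_LEN] = {0x13, 0x37, 0xc0, 0xde, 0xfe, 0xed, 0xfa, 0xce};
    static const uint8_t msg[] = "GSS token payload (constructed sample)";
    size_t len = sizeof(msg) - 1;
    uint8_t genuine[MIC_LEN], forged[MIC_LEN];

    toy_mic(key, msg, len, genuine);
    for (size_t i = 0; i < MIC_LEN; i++)
        forged[i] = genuine[i];
    forged[0] ^= 0x01;   /* attacker-supplied MIC that must not verify */

    results[0] = verify_mic_inverted(key, msg, len, genuine);
    results[1] = verify_mic_inverted(key, msg, len, forged);
    results[2] = verify_mic_fixed(key, msg, len, genuine);
    results[3] = verify_mic_fixed(key, msg, len, forged);

    return results[0] == STATUS_BAD_MIC && results[1] == STATUS_OK &&
           results[2] == STATUS_OK && results[3] == STATUS_BAD_MIC;
}

int main(void)
{
    int r[4];
    demonstrate(r);
    printf("inverted: genuine=%s forged=%s\n",
           r[0] ? "BAD_MIC" : "OK", r[1] ? "BAD_MIC" : "OK");
    printf("fixed:    genuine=%s forged=%s\n",
           r[2] ? "BAD_MIC" : "OK", r[3] ? "BAD_MIC" : "OK");
    return 0;
}
```

The point to take from the example is that switching to a constant-time compare is only safe when the caller's interpretation of the return value is re-checked at the same time: memcmp and its constant-time replacements both return zero on equality, so a result wrapped in `== 0` and then treated as the failure condition silently inverts the security check, which is exactly the defect behind this CVE. A regression test that feeds both a genuine and a corrupted MIC through the verifier catches this class of mistake immediately.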

Weakness Enumeration

Related Identifiers

AZL-25604
AZL-34797
BDU:2023-02156
CVE-2022-45142
DLA-3311-1
DSA-5344-1
MGASA-2023-0098
OPENSUSE-SU-2024:12846-1
ROSA-SA-2025-2638
USN-5849-1

Affected Products

Astra Linux
Linuxmint
Red Os
Ubuntu
Heimdal