Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-41916

Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.

Published

2022-11-15T23:15:27.197

Last Modified

2024-11-21T07:24:03.720

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-193
Type: Primary
CWE-193

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	heimdal_project	heimdal	< 7.7.1	Yes
Operating System	debian	debian_linux	10.0	Yes
Operating System	debian	debian_linux	11.0	Yes

References

https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html Mailing List, Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/202310-06 ([email protected])
https://security.netapp.com/advisory/ntap-20230216-0008/ ([email protected])
https://www.debian.org/security/2022/dsa-5287 Third Party Advisory ([email protected])
https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202310-06 (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230216-0008/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2022/dsa-5287 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)