Unrated severity · NVD Advisory · Published Nov 15, 2022 · Updated Apr 23, 2025
Read one byte past a buffer when normalizing Unicode
CVE-2022-41916
Description
Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.
Affected products (1)
Patches (0)
No patches discovered yet.
References (5)
- security.gentoo.org/glsa/202310-06 (mitre, vendor-advisory)
- www.debian.org/security/2022/dsa-5287 (mitre, vendor-advisory)
- lists.debian.org/debian-lts-announce/2022/11/msg00034.html (mitre, mailing-list)
- github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx (mitre)
- security.netapp.com/advisory/ntap-20230216-0008/ (mitre)