Unrated severityNVD Advisory· Published Mar 6, 2023· Updated Mar 6, 2025
CVE-2022-45142
CVE-2022-45142
Description
The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9- osv-coords8 versionspkg:apk/chainguard/heimdalpkg:apk/chainguard/heimdal-devpkg:apk/chainguard/heimdal-docpkg:apk/chainguard/heimdal-libspkg:apk/wolfi/heimdalpkg:apk/wolfi/heimdal-devpkg:apk/wolfi/heimdal-docpkg:apk/wolfi/heimdal-libs
< 7.8.0-r1+ 7 more
- (no CPE)range: < 7.8.0-r1
- (no CPE)range: < 7.8.0-r1
- (no CPE)range: < 7.8.0-r1
- (no CPE)range: < 7.8.0-r1
- (no CPE)range: < 7.8.0-r1
- (no CPE)range: < 7.8.0-r1
- (no CPE)range: < 7.8.0-r1
- (no CPE)range: < 7.8.0-r1
Patches
Vulnerability mechanics
References
2- security.gentoo.org/glsa/202310-06mitrevendor-advisory
- www.openwall.com/lists/oss-security/2023/02/08/1mitre
News mentions
0No linked articles in our index yet.