rpm package
suse/libheimdal&distro=SUSE Package Hub 15 SP4
pkg:rpm/suse/libheimdal&distro=SUSE%20Package%20Hub%2015%20SP4
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-3437 | Med | 6.5 | < 7.8.0-bp154.2.4.1 | 7.8.0-bp154.2.4.1 | Jan 12, 2023 | A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory w | |
| CVE-2021-44758 | Hig | 7.5 | < 7.8.0-bp154.2.4.1 | 7.8.0-bp154.2.4.1 | Dec 26, 2022 | Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept. | |
| CVE-2022-42898 | Hig | 8.8 | < 7.8.0-bp154.2.4.1 | 7.8.0-bp154.2.4.1 | Dec 25, 2022 | PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cau | |
| CVE-2022-44640 | Cri | 9.8 | < 7.8.0-bp154.2.4.1 | 7.8.0-bp154.2.4.1 | Dec 25, 2022 | Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC). | |
| CVE-2022-41916 | Med | 5.9 | < 7.8.0-bp154.2.4.1 | 7.8.0-bp154.2.4.1 | Nov 15, 2022 | Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applicatio | |
| CVE-2021-3671 | Med | 6.5 | < 7.8.0-bp154.2.4.1 | 7.8.0-bp154.2.4.1 | Oct 12, 2021 | A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server. | |
| CVE-2019-14870 | Med | 5.4 | < 7.8.0-bp154.2.4.1 | 7.8.0-bp154.2.4.1 | Dec 10, 2019 | All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regu |
- affected < 7.8.0-bp154.2.4.1fixed 7.8.0-bp154.2.4.1
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory w
- affected < 7.8.0-bp154.2.4.1fixed 7.8.0-bp154.2.4.1
Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.
- affected < 7.8.0-bp154.2.4.1fixed 7.8.0-bp154.2.4.1
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cau
- affected < 7.8.0-bp154.2.4.1fixed 7.8.0-bp154.2.4.1
Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).
- affected < 7.8.0-bp154.2.4.1fixed 7.8.0-bp154.2.4.1
Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applicatio
- affected < 7.8.0-bp154.2.4.1fixed 7.8.0-bp154.2.4.1
A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.
- affected < 7.8.0-bp154.2.4.1fixed 7.8.0-bp154.2.4.1
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regu