Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Heimdal
(Heimdal_project)| Repositories | https://github.com/heimdal/heimdal |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-03-06 | CVE-2022-45142 | The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted. | Heimdal | 7.5 | ||
| 2023-03-27 | CVE-2022-3116 | The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash. | Heimdal | 7.5 | ||
| 2022-11-15 | CVE-2022-41916 | Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue. | Debian_linux, Heimdal | 7.5 |