Main Vulnerability Database Vulnerabilities #VU69364

#VU69364 Buffer overflow in heimdal - CVE-2022-44640

Published: November 16, 2022

Vulnerability identifier: #VU69364

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2022-44640

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
heimdal

Software vendor:
Heimdal Software

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in ASN.1 codec in Heimdal. The ASN.1 compiler generates code that allows specially crafted DER encodings of CHOICEs to invoke the wrong free function on the decoded structure upon decode error. This is known to impact the Heimdal KDC, leading to an invalid free() of an address partly or wholly under the control of the attacker. A remote attacker can execute arbitrary code on the system.

Remediation

Install updates from vendor's website.

External links

https://github.com/heimdal/heimdal/releases/tag/heimdal-7.7.1

#VU69364 Buffer overflow in heimdal - CVE-2022-44640

Description

Remediation

External links

Please verify you're human