Error Handling in heimdal

#VU72057 Error Handling in heimdal

Published: 2023-02-08

Vulnerability identifier: #VU72057

Vulnerability risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-45142

CWE-ID: CWE-388

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
heimdal
Server applications / Encryption software

Vendor: Heimdal Software

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a logic issue in Heimdal GSSAPI related to patch for vulnerability #VU68701 (CVE-2022-3437). A remote user can perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

heimdal: 7.7.1 - 7.8.0

External links
http://ubuntu.com/security/notices/USN-5849-1
http://www.openwall.com/lists/oss-security/2023/02/08/1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell PowerProtect Cyber Recovery

VMware Tanzu Platform Automation Toolkit update for heimdal

Multiple vulnerabilities in IBM CICS TX Advanced

Multiple vulnerabilities in Cloud Foundry Foundation cflinuxfs3

Debian update for heimdal

Ubuntu update for heimdal

Denial of service in Heimdal