Off-by-one Error Affecting heimdal package, versions <1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm2


Severity

Recommended
medium

Based on Ubuntu security rating.

Threat Intelligence

EPSS
0.35% (72nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UBUNTU1604-HEIMDAL-3124862
  • published18 Nov 2022
  • disclosed15 Nov 2022

Introduced: 15 Nov 2022

CVE-2022-41916  (opens in a new tab)
CWE-193  (opens in a new tab)

How to fix?

Upgrade Ubuntu:16.04 heimdal to version 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm2 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream heimdal package and not the heimdal package as distributed by Ubuntu. See How to fix? for Ubuntu:16.04 relevant fixed versions and status.

Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.

CVSS Scores

version 3.1