CVE-2022-41916

Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.

Database specific

{
    "cwe_ids": [
        "CWE-193"
    ]
}

References

Affected packages

Git / github.com/heimdal/heimdal

Affected ranges

Type: GIT
Repo: https://github.com/heimdal/heimdal
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

78077c39e355766221383ee48c8b9be0459a82a4

Affected versions

Other

git2svn-syncpoint-master

switch-from-svn-to-git

heimdal-1.*

heimdal-1.3.0pre1

heimdal-1.3.0pre10

heimdal-1.3.0pre11

heimdal-1.3.0pre3

heimdal-1.3.0pre4

heimdal-1.3.0pre5

heimdal-1.3.0pre6

heimdal-1.3.0pre7

heimdal-1.3.0pre8

heimdal-1.3.0pre9

heimdal-1.3.0rc1

heimdal-1.5pre1

heimdal-1.5pre2

heimdal-7.*

heimdal-7.0.1

heimdal-7.0.2

heimdal-7.0.3

heimdal-7.1.0

heimdal-7.1rc1

heimdal-7.2.0

heimdal-7.3.0

heimdal-7.4.0

heimdal-7.5.0

heimdal-7.6.0

heimdal-7.7.0

upstream-1.*

upstream-1.4.0+git20101228.dfsg.1

upstream-1.4.0+git20110220.dfsg.1

Database specific

vanir_signatures

[
    {
        "id": "CVE-2022-41916-7e74d481",
        "digest": {
            "line_hashes": [
                "185684756605390238103334007784352789624",
                "7131579695216385856922531758292910060",
                "96067565823201056646313325968740529266",
                "307324062224806380958204996069287421659"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "target": {
            "file": "include/bits.c"
        },
        "source": "https://github.com/heimdal/heimdal/commit/78077c39e355766221383ee48c8b9be0459a82a4",
        "signature_version": "v1",
        "signature_type": "Line"
    }
]