CVE-2022-41916

Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.

Database specific

{
    "cwe_ids": [
        "CWE-193"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/41xxx/CVE-2022-41916.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/heimdal/heimdal

Affected ranges

Type: GIT
Repo: https://github.com/heimdal/heimdal
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

78077c39e355766221383ee48c8b9be0459a82a4

Affected versions

Other

git2svn-syncpoint-master

switch-from-svn-to-git

heimdal-1.*

heimdal-1.3.0pre1

heimdal-1.3.0pre10

heimdal-1.3.0pre11

heimdal-1.3.0pre3

heimdal-1.3.0pre4

heimdal-1.3.0pre5

heimdal-1.3.0pre6

heimdal-1.3.0pre7

heimdal-1.3.0pre8

heimdal-1.3.0pre9

heimdal-1.3.0rc1

heimdal-1.5pre1

heimdal-1.5pre2

heimdal-7.*

heimdal-7.0.1

heimdal-7.0.2

heimdal-7.0.3

heimdal-7.1.0

heimdal-7.1rc1

heimdal-7.2.0

heimdal-7.3.0

heimdal-7.4.0

heimdal-7.5.0

heimdal-7.6.0

heimdal-7.7.0

upstream-1.*

upstream-1.4.0+git20101228.dfsg.1

upstream-1.4.0+git20110220.dfsg.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-41916.json"