Vulnerability

VU#730793: Heimdal Kerbos vulnerable to remotely triggered NULL pointer dereference on 07/10/2022 at 7:25 pm

October 17, 2022

Overview

The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash.

Description

A flawed logical condition allows a malicious actor to remotely trigger a NULL pointer dereference using a crafted negTokenInit token.

Impact

An attacker can use a specially crafted network packet to cause a vulnerable application to crash.

Solution

The latest version of code in the Heimdal master branch fixes the issue. However, the current stable release 7.7.0 does not include the fix.

Acknowledgements

Thanks to the International Continence Society for reporting this issue.

This document was written by Kevin Stephens.

Vendor Information

One or more vendors are listed for this advisory. Please reference the full report for more information.

Other Information

CVE IDs:

CVE-2022-3116

Date Public:

2022-10-07
Date First Published:
2022-10-07
Date Last Updated:
2022-10-07 19:24 UTC
Document Revision:
1

About vulnerability notes
Contact us about this vulnerability
Provide a vendor statement
Related Posts
Clear Filters
VU#782720: TCG TPM2.0 implementations vulnerable to memory corruption on 28/02/2023 at 5:37 pm
VULNERABILITIES
VU#782720: TCG TPM2.0 implementations vulnerable to memory corruption on 28/02/2023 at 5:37 pm
Vulnerability
VU#782720: TCG TPM2.0 implementations vulnerable to memory corruption on 28/02/2023 at 5:37 pm

Overview Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module (TPM) 2.0 reference library specification, currently at Level…

Read More
VU#434994: Multiple race conditions due to TOCTOU flaws in various UEFI Implementations on 08/11/2022 at 5:02 pm
VULNERABILITIES
VU#434994: Multiple race conditions due to TOCTOU flaws in various UEFI Implementations on 08/11/2022 at 5:02 pm
Vulnerability
VU#434994: Multiple race conditions due to TOCTOU flaws in various UEFI Implementations on 08/11/2022 at 5:02 pm

Overview Multiple Unified Extensible Firmware Interface (UEFI) implementations are vulnerable to code execution in System Management Mode (SMM) by an…

Read More
Devel Group
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.
Privacy Policy
You have read and agreed to our privacy policy
Required