Vulnerabilities > Heimdal Project

DATE CVE VULNERABILITY TITLE RISK
2023-03-27 CVE-2022-3116 NULL Pointer Dereference vulnerability in Heimdal Project Heimdal
The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance.
network
low complexity
heimdal-project CWE-476
7.5
2023-03-06 CVE-2022-45142 Improper Validation of Integrity Check Value vulnerability in Heimdal Project Heimdal 7.7.1/7.8.0
The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp.
network
low complexity
heimdal-project CWE-354
7.5
2022-12-26 CVE-2021-44758 NULL Pointer Dereference vulnerability in Heimdal Project Heimdal
Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.
network
low complexity
heimdal-project CWE-476
7.5
2022-12-25 CVE-2022-42898 Integer Overflow or Wraparound vulnerability in multiple products
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms.
network
low complexity
mit heimdal-project samba CWE-190
8.8
2022-12-25 CVE-2022-44640 Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).
network
low complexity
heimdal-project samba
critical
9.8
2022-11-15 CVE-2022-41916 Off-by-one Error vulnerability in multiple products
Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos.
network
low complexity
heimdal-project debian CWE-193
7.5
2019-07-31 CVE-2018-16860 Improperly Implemented Security Check for Standard vulnerability in multiple products
A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode.
6.0
2019-05-15 CVE-2019-12098 In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack.
network
high complexity
heimdal-project fedoraproject opensuse debian
7.4
2017-12-06 CVE-2017-17439 NULL Pointer Dereference vulnerability in multiple products
In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm.
network
low complexity
debian heimdal-project CWE-476
5.0
2017-08-28 CVE-2017-6594 Improper Certificate Validation vulnerability in multiple products
The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.
network
low complexity
heimdal-project opensuse CWE-295
5.0