Severity: Unknown
Affected Package: heimdal
Summary: Multiple vulnerabilities in Heimdal Kerberos 5 and the KDC
Multiple security vulnerabilities were fixed in the Heimdal implementation of the Kerberos 5 network authentication protocol and its KDC: an integer overflow in PAC parsing (CVE-2022-42898); overflows and non-constant-time leaks in DES/DES3 and arcfour (CVE-2022-3437); a NULL pointer dereference causing denial of service in SPNEGO acceptors (CVE-2021-44758); an invalid free in the ASN.1 codec in the KDC (CVE-2022-44640); and several protocol-transition issues, with fixes covering validation of client attributes, application of the forwardable policy, and always looking up the impersonated client in the database (CVE-2019-14870).
No specific recommendations provided.
Aliases: CVE-2022-42898, CVE-2022-3437, CVE-2021-44758, CVE-2022-44640, CVE-2019-14870
Published: November 15, 2022
Last Modified: November 15, 2022