Action not permitted
Modal body text goes here.
CVE-2021-44758
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2024-08-04 04:32
Severity ?
EPSS score ?
Summary
Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:13.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202310-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-26T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv"
},
{
"url": "https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580"
},
{
"url": "https://security.gentoo.org/glsa/202310-06"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-44758",
"datePublished": "2022-12-26T00:00:00",
"dateReserved": "2021-12-08T00:00:00",
"dateUpdated": "2024-08-04T04:32:13.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-44758\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-12-26T05:15:10.503\",\"lastModified\":\"2023-10-08T09:15:10.480\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.\"},{\"lang\":\"es\",\"value\":\"Heimdal anterior a 7.7.1 permite a los atacantes provocar una desreferencia de puntero NULL en un aceptador SPNEGO a trav\u00e9s de preferred_mech_type de GSS_C_NO_OID y un valor nonzero initial_response distinto de cero para send_accept.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.7.1\",\"matchCriteriaId\":\"537FE65E-6E3F-4441-8B35-7B48214EA04D\"}]}]}],\"references\":[{\"url\":\"https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202310-06\",\"source\":\"cve@mitre.org\"}]}}"
}
}
wid-sec-w-2022-2372
Vulnerability from csaf_certbund
Published
2022-12-19 23:00
Modified
2023-01-19 23:00
Summary
genua genugate: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Die genugate ist ein mehrstufiges Firewallprodukt des Herstellers genua GmbH.
Angriff
Ein entfernter, anonymer Angreifer kann einige der mehreren Schwachstellen in Komponenten von Drittanbietern ausnutzen, die von genua genugate verwendet werden, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.
Betroffene Betriebssysteme
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die genugate ist ein mehrstufiges Firewallprodukt des Herstellers genua GmbH.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann einige der mehreren Schwachstellen in Komponenten von Drittanbietern ausnutzen, die von genua genugate verwendet werden, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-2372 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2372.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-2372 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2372"
},
{
"category": "external",
"summary": "Genua Patch vom 2022-12-19",
"url": "https://kunde.genua.de/nc/suche/view/neuer-patch-genugate-105p1-verfuegbar.html?tx_genusupport_content%5Bidentity%5D=0\u0026tx_genusupport_content%5BsearchTerm%5D=\u0026tx_genusupport_content%5BforcePath%5D=\u0026tx_genusupport_content%5Baction%5D=genuSupportSearch\u0026tx_genusupport_content%5Bcontroller%5D=Content\u0026cHash=37a9613baf9adebc3e20772aaa249fc3"
},
{
"category": "external",
"summary": "Genua Patch vom 2022-12-19",
"url": "https://kunde.genua.de/nc/suche/view/neuer-patch-genugate-104p2-verfuegbar.html?tx_genusupport_content%5Bidentity%5D=0\u0026tx_genusupport_content%5BsearchTerm%5D=\u0026tx_genusupport_content%5BforcePath%5D=\u0026tx_genusupport_content%5Baction%5D=genuSupportSearch\u0026tx_genusupport_content%5Bcontroller%5D=Content\u0026cHash=9cc97408444883591a94c7b03271ff7b"
},
{
"category": "external",
"summary": "Genua Patch vom 2022-12-19",
"url": "https://kunde.genua.de/nc/suche/view/neuer-patch-genugate-100p12-verfuegbar.html?tx_genusupport_content%5Bidentity%5D=0\u0026tx_genusupport_content%5BsearchTerm%5D=\u0026tx_genusupport_content%5BforcePath%5D=\u0026tx_genusupport_content%5Baction%5D=genuSupportSearch\u0026tx_genusupport_content%5Bcontroller%5D=Content\u0026cHash=ef1c457a05f6f4465cc46f9369fe23d5"
}
],
"source_lang": "en-US",
"title": "genua genugate: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-01-19T23:00:00.000+00:00",
"generator": {
"date": "2024-02-15T17:07:25.160+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2022-2372",
"initial_release_date": "2022-12-19T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-12-19T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-01-19T23:00:00.000+00:00",
"number": "2",
"summary": "CVE Nummern erg\u00e4nzt; Hinweis: nicht alle CVE bei genugate ausnutzbar"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "genua genugate \u003c 10.0p12",
"product": {
"name": "genua genugate \u003c 10.0p12",
"product_id": "T025654",
"product_identification_helper": {
"cpe": "cpe:/h:genua:genugate:10.0p12"
}
}
},
{
"category": "product_name",
"name": "genua genugate \u003c 10.4p2",
"product": {
"name": "genua genugate \u003c 10.4p2",
"product_id": "T025655",
"product_identification_helper": {
"cpe": "cpe:/h:genua:genugate:10.4p2"
}
}
},
{
"category": "product_name",
"name": "genua genugate \u003c 10.5p1",
"product": {
"name": "genua genugate \u003c 10.5p1",
"product_id": "T025656",
"product_identification_helper": {
"cpe": "cpe:/h:genua:genugate:10.5p1"
}
}
}
],
"category": "product_name",
"name": "genugate"
}
],
"category": "vendor",
"name": "genua"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-44640",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00Z",
"title": "CVE-2022-44640"
},
{
"cve": "CVE-2022-44638",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00Z",
"title": "CVE-2022-44638"
},
{
"cve": "CVE-2022-43680",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00Z",
"title": "CVE-2022-43680"
},
{
"cve": "CVE-2022-42916",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00Z",
"title": "CVE-2022-42916"
},
{
"cve": "CVE-2022-42915",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00Z",
"title": "CVE-2022-42915"
},
{
"cve": "CVE-2022-42898",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00Z",
"title": "CVE-2022-42898"
},
{
"cve": "CVE-2022-41916",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00Z",
"title": "CVE-2022-41916"
},
{
"cve": "CVE-2022-40674",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00Z",
"title": "CVE-2022-40674"
},
{
"cve": "CVE-2022-40304",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00Z",
"title": "CVE-2022-40304"
},
{
"cve": "CVE-2022-40303",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00Z",
"title": "CVE-2022-40303"
},
{
"cve": "CVE-2022-35260",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00Z",
"title": "CVE-2022-35260"
},
{
"cve": "CVE-2022-35252",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00Z",
"title": "CVE-2022-35252"
},
{
"cve": "CVE-2022-3437",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00Z",
"title": "CVE-2022-3437"
},
{
"cve": "CVE-2022-32221",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00Z",
"title": "CVE-2022-32221"
},
{
"cve": "CVE-2021-44758",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00Z",
"title": "CVE-2021-44758"
},
{
"cve": "CVE-2021-3671",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00Z",
"title": "CVE-2021-3671"
}
]
}
wid-sec-w-2022-2057
Vulnerability from csaf_certbund
Published
2022-11-15 23:00
Modified
2024-06-13 22:00
Summary
Heimdal: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Heimdal ist eine Kerberos 5 Implementierung.
Kerberos ist ein verteilter Netzwerkdienst zur Authentifizierung. MIT Kerberos ist die freie Implementierung des "Kerberos network authentication protocol", des Massachusetts Institute of Technology (MIT).
Samba ist eine Open Source Software Suite, die Druck- und Dateidienste für SMB/CIFS Clients implementiert.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Heimdal, Samba, MIT Kerberos und FreeBSD Project FreeBSD OS ausnutzen, um einen Denial of Service Angriff durchzuführen, und um beliebigen Code auszuführen.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Heimdal ist eine Kerberos 5 Implementierung.\r\nKerberos ist ein verteilter Netzwerkdienst zur Authentifizierung. MIT Kerberos ist die freie Implementierung des \"Kerberos network authentication protocol\", des Massachusetts Institute of Technology (MIT).\r\nSamba ist eine Open Source Software Suite, die Druck- und Dateidienste f\u00fcr SMB/CIFS Clients implementiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Heimdal, Samba, MIT Kerberos und FreeBSD Project FreeBSD OS ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, und um beliebigen Code auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-2057 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2057.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-2057 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2057"
},
{
"category": "external",
"summary": "FreeBSD Security Advisory FREEBSD-SA-22:14.HEIMDAL vom 2022-11-15",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-22:14.heimdal.asc"
},
{
"category": "external",
"summary": "Heimdal 7.7.1 - Security Fix Release vom 2022-11-15",
"url": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.7.1"
},
{
"category": "external",
"summary": "Heimdal 7.8 - Security Fix Release vom 2022-11-15",
"url": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.8.0"
},
{
"category": "external",
"summary": "MIT krb5 Security Advisory 2022-001 vom 2022-11-15",
"url": "https://web.mit.edu/kerberos/advisories/MITKRB5-SA-2022-001.txt"
},
{
"category": "external",
"summary": "Samba Security Announcement CVE-2022-42898 vom 2022-11-15",
"url": "https://www.samba.org/samba/security/CVE-2022-42898.html"
},
{
"category": "external",
"summary": "Synology Security Advisory SYNOLOGY-SA-22:22 vom 2022-11-19",
"url": "https://www.synology.com/en-global/support/security/Synology_SA_22_22"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5286 vom 2022-11-19",
"url": "https://lists.debian.org/debian-security-announce/2022/msg00257.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4155-1 vom 2022-11-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013049.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4153-1 vom 2022-11-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013050.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4154-1 vom 2022-11-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013053.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4167-1 vom 2022-11-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013065.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5287 vom 2022-11-22",
"url": "https://lists.debian.org/debian-security-announce/2022/msg00258.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3206 vom 2022-11-26",
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-8637 vom 2022-11-29",
"url": "https://linux.oracle.com/errata/ELSA-2022-8637.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8638 vom 2022-11-28",
"url": "https://access.redhat.com/errata/RHSA-2022:8638"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8648 vom 2022-11-28",
"url": "https://access.redhat.com/errata/RHSA-2022:8648"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8637 vom 2022-11-28",
"url": "https://access.redhat.com/errata/RHSA-2022:8637"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8639 vom 2022-11-28",
"url": "https://access.redhat.com/errata/RHSA-2022:8639"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8640 vom 2022-11-28",
"url": "https://access.redhat.com/errata/RHSA-2022:8640"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8641 vom 2022-11-28",
"url": "https://access.redhat.com/errata/RHSA-2022:8641"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-8640 vom 2022-11-29",
"url": "https://linux.oracle.com/errata/ELSA-2022-8640.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-8638 vom 2022-11-29",
"url": "http://linux.oracle.com/errata/ELSA-2022-8638.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8662 vom 2022-11-29",
"url": "https://access.redhat.com/errata/RHSA-2022:8662"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8669 vom 2022-11-29",
"url": "https://access.redhat.com/errata/RHSA-2022:8669"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8663 vom 2022-11-29",
"url": "https://access.redhat.com/errata/RHSA-2022:8663"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3213 vom 2022-11-29",
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00041.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2022:8640 vom 2022-12-01",
"url": "https://lists.centos.org/pipermail/centos-announce/2022-November/073665.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2022-311128DD7E vom 2022-12-01",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2022-311128dd7e"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8827 vom 2022-12-06",
"url": "https://access.redhat.com/errata/RHSA-2022:8827"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4335-1 vom 2022-12-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013194.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5766-1 vom 2022-12-08",
"url": "https://ubuntu.com/security/notices/USN-5766-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4395-1 vom 2022-12-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013212.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:9029 vom 2022-12-14",
"url": "https://access.redhat.com/errata/RHSA-2022:9029"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8893 vom 2022-12-15",
"url": "https://access.redhat.com/errata/RHSA-2022:8893"
},
{
"category": "external",
"summary": "Samba Release Notes",
"url": "https://www.samba.org/samba/history/samba-4.17.4.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:0081-1 vom 2023-01-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-January/013465.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5800-1 vom 2023-01-12",
"url": "https://ubuntu.com/security/notices/USN-5800-1"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1915 vom 2023-01-23",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-1915.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1667 vom 2023-01-24",
"url": "https://alas.aws.amazon.com/ALAS-2023-1667.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-271 vom 2023-01-25",
"url": "https://alas.aws.amazon.com/AL2022/ALAS-2023-271.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-272 vom 2023-01-25",
"url": "https://alas.aws.amazon.com/AL2022/ALAS-2023-272.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5828-1 vom 2023-01-25",
"url": "https://ubuntu.com/security/notices/USN-5828-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5822-2 vom 2023-01-27",
"url": "https://ubuntu.com/security/notices/USN-5822-2"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:0160-1 vom 2023-01-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-January/013535.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:0198-1 vom 2023-01-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-January/013559.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1680 vom 2023-02-06",
"url": "https://alas.aws.amazon.com/ALAS-2023-1680.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-12104 vom 2023-02-08",
"url": "https://linux.oracle.com/errata/ELSA-2023-12104.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5936-1 vom 2023-03-08",
"url": "https://ubuntu.com/security/notices/USN-5936-1"
},
{
"category": "external",
"summary": "QNAP Security Advisory QSA-23-03 vom 2023-03-29",
"url": "https://www.qnap.com/de-de/security-advisory/QSA-23-03"
},
{
"category": "external",
"summary": "QNAP Security Advisory QSA-23-03 vom 2023-03-29",
"url": "https://www.qnap.com/go/security-advisory/qsa-23-03"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6967016 vom 2023-03-29",
"url": "https://www.ibm.com/support/pages/node/6967016"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6981101 vom 2023-04-05",
"url": "https://www.ibm.com/support/pages/node/6981101"
},
{
"category": "external",
"summary": "ORACLE OVMSA-2023-0008 vom 2023-08-17",
"url": "https://oss.oracle.com/pipermail/oraclevm-errata/2023-August/001080.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202309-06 vom 2023-09-17",
"url": "https://security.gentoo.org/glsa/202309-06"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202310-06 vom 2023-10-08",
"url": "https://security.gentoo.org/glsa/202310-06"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202405-11 vom 2024-05-05",
"url": "https://security.gentoo.org/glsa/202405-11"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2023-162 vom 2024-06-14",
"url": "https://www.dell.com/support/kbdoc/de-de/000215555/dsa-2023-162-security-update-for-dell-idrac9-heimdal-vulnerability"
}
],
"source_lang": "en-US",
"title": "Heimdal: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-06-13T22:00:00.000+00:00",
"generator": {
"date": "2024-06-14T08:09:13.900+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2022-2057",
"initial_release_date": "2022-11-15T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-11-15T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-11-16T23:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: FEDORA-2022-88CEFEF88C, FEDORA-2022-FBCA84B938, FEDORA-2022-EA403B373F, FEDORA-2022-003403EC6B, FEDORA-2022-C6E50D409B, FEDORA-2022-78038A4441, FEDORA-2022-A1747ACA80"
},
{
"date": "2022-11-17T23:00:00.000+00:00",
"number": "3",
"summary": "Referenz(en) aufgenommen: FEDORA-2022-D680C70EBE"
},
{
"date": "2022-11-20T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Synology und Debian aufgenommen"
},
{
"date": "2022-11-21T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE und Fedora aufgenommen"
},
{
"date": "2022-11-22T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE und Debian aufgenommen"
},
{
"date": "2022-11-27T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2022-11-28T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2022-11-29T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat und Debian aufgenommen"
},
{
"date": "2022-11-30T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von CentOS aufgenommen"
},
{
"date": "2022-12-01T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2022-12-06T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat und SUSE aufgenommen"
},
{
"date": "2022-12-07T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-12-11T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-12-14T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-12-15T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-01-12T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
},
{
"date": "2023-01-23T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-01-24T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-01-25T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-01-26T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-01-29T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-02-06T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-02-08T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-03-08T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-03-29T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von QNAP aufgenommen"
},
{
"date": "2023-04-05T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-08-17T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von ORACLE aufgenommen"
},
{
"date": "2023-09-17T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2023-10-08T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-05-05T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-06-13T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Dell aufgenommen"
}
],
"status": "final",
"version": "32"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "9",
"product": {
"name": "Dell integrated Dell Remote Access Controller 9",
"product_id": "T015301",
"product_identification_helper": {
"cpe": "cpe:/h:dell:idrac:9"
}
}
}
],
"category": "product_name",
"name": "integrated Dell Remote Access Controller"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c13.1 stable",
"product": {
"name": "FreeBSD Project FreeBSD OS \u003c13.1 stable",
"product_id": "T025344",
"product_identification_helper": {
"cpe": "cpe:/o:freebsd:freebsd:13.1_stable"
}
}
},
{
"category": "product_version_range",
"name": "\u003c13.1 release p4",
"product": {
"name": "FreeBSD Project FreeBSD OS \u003c13.1 release p4",
"product_id": "T025345",
"product_identification_helper": {
"cpe": "cpe:/o:freebsd:freebsd:13.1_release_p4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.4 stable",
"product": {
"name": "FreeBSD Project FreeBSD OS \u003c12.4 stable",
"product_id": "T025346",
"product_identification_helper": {
"cpe": "cpe:/o:freebsd:freebsd:12.4_stable"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.4 RC2 p1",
"product": {
"name": "FreeBSD Project FreeBSD OS \u003c12.4 RC2 p1",
"product_id": "T025347",
"product_identification_helper": {
"cpe": "cpe:/o:freebsd:freebsd:12.4_rc2_p1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.3 release p9",
"product": {
"name": "FreeBSD Project FreeBSD OS \u003c12.3 release p9",
"product_id": "T025348",
"product_identification_helper": {
"cpe": "cpe:/o:freebsd:freebsd:12.3_release_p9"
}
}
}
],
"category": "product_name",
"name": "FreeBSD OS"
}
],
"category": "vendor",
"name": "FreeBSD Project"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.4.3 FP9",
"product": {
"name": "IBM QRadar SIEM \u003c7.4.3 FP9",
"product_id": "T026829",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.4.3_fp9"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP4 IF01",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP4 IF01",
"product_id": "T026982",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up4_if01"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"branches": [
{
"category": "product_version",
"name": "11.4",
"product": {
"name": "IBM Security Guardium 11.4",
"product_id": "1076561",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:11.4"
}
}
}
],
"category": "product_name",
"name": "Security Guardium"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=krb5-1.8",
"product": {
"name": "MIT Kerberos \u003e=krb5-1.8",
"product_id": "T025336",
"product_identification_helper": {
"cpe": "cpe:/a:mit:kerberos:krb5-1.8"
}
}
}
],
"category": "product_name",
"name": "Kerberos"
}
],
"category": "vendor",
"name": "MIT"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.8.0",
"product": {
"name": "Open Source Heimdal \u003c7.8.0",
"product_id": "T025326",
"product_identification_helper": {
"cpe": "cpe:/a:heimdal:heimdal:7.8.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.7.1",
"product": {
"name": "Open Source Heimdal \u003c7.7.1",
"product_id": "T025327",
"product_identification_helper": {
"cpe": "cpe:/a:heimdal:heimdal:7.7.1"
}
}
}
],
"category": "product_name",
"name": "Heimdal"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.15.12",
"product": {
"name": "Open Source Samba \u003c4.15.12",
"product_id": "T025328",
"product_identification_helper": {
"cpe": "cpe:/a:samba:samba:4.15.12"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.16.7",
"product": {
"name": "Open Source Samba \u003c4.16.7",
"product_id": "T025330",
"product_identification_helper": {
"cpe": "cpe:/a:samba:samba:4.16.7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.17.3",
"product": {
"name": "Open Source Samba \u003c4.17.3",
"product_id": "T025332",
"product_identification_helper": {
"cpe": "cpe:/a:samba:samba:4.17.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.17.4",
"product": {
"name": "Open Source Samba \u003c4.17.4",
"product_id": "T025619",
"product_identification_helper": {
"cpe": "cpe:/a:samba:samba:4.17.4"
}
}
}
],
"category": "product_name",
"name": "Samba"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "3",
"product": {
"name": "Oracle VM 3",
"product_id": "T019617",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:vm:3"
}
}
}
],
"category": "product_name",
"name": "VM"
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "QNAP NAS",
"product": {
"name": "QNAP NAS",
"product_id": "T017100",
"product_identification_helper": {
"cpe": "cpe:/h:qnap:nas:-"
}
}
}
],
"category": "vendor",
"name": "QNAP"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift",
"product": {
"name": "Red Hat OpenShift",
"product_id": "367115",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-44758",
"notes": [
{
"category": "description",
"text": "Es gibt eine Schwachstelle in Heimdal, in Verbindung mit den \"SPNEGO\"-Akzeptoren. Ein Angreifer kann eine NULL-Zeiger-Dereferenz ausl\u00f6sen, um einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"67646",
"1076561",
"T012167",
"T015301",
"T004914",
"T017100",
"T026829",
"T025619",
"2951",
"T002207",
"T000126",
"367115",
"T019617",
"398363",
"1727",
"T026982"
]
},
"release_date": "2022-11-15T23:00:00Z",
"title": "CVE-2021-44758"
},
{
"cve": "CVE-2022-41916",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Heimdal bez\u00fcglich der Normalisierung von Unicode. Es wird versucht, ein Byte hinter dem Ende eines Arrays zu lesen. Ein Angreifer kann dies f\u00fcr einen Denial of Service Angriff ausnutzen."
}
],
"product_status": {
"known_affected": [
"67646",
"1076561",
"T012167",
"T015301",
"T004914",
"T017100",
"T026829",
"T025619",
"2951",
"T002207",
"T000126",
"367115",
"T019617",
"398363",
"1727",
"T026982"
]
},
"release_date": "2022-11-15T23:00:00Z",
"title": "CVE-2022-41916"
},
{
"cve": "CVE-2022-42898",
"notes": [
{
"category": "description",
"text": "Es gibt eine Schwachstelle in Heimdal, wie es zum Beispiel in Samba, MIT Kerberos und FreeBSD OS verwendet wird. Bei der Verarbeitung von Privilege-Attribute-Zertifikaten (PAC) k\u00f6nnen mehrere Integer-\u00dcberlaufsituationen auftreten. Ein Angreifer kann dies ausnutzen, um einen Denial of Service Zustand zu erzeugen und KDC-Informationen offenzulegen. Auf 32-Bit-Plattformen kann ein Angreifer dies auch ausnutzen, um potenziell beliebigen Code auszuf\u00fchren. Der Angreifer muss im Besitz des Langzeitschl\u00fcssels des Dienstes sein, um dies erfolgreich auszunutzen."
}
],
"product_status": {
"known_affected": [
"67646",
"1076561",
"T012167",
"T015301",
"T004914",
"T017100",
"T026829",
"T025619",
"2951",
"T002207",
"T000126",
"367115",
"T019617",
"398363",
"1727",
"T026982"
]
},
"release_date": "2022-11-15T23:00:00Z",
"title": "CVE-2022-42898"
},
{
"cve": "CVE-2022-44640",
"notes": [
{
"category": "description",
"text": "In Heimdal besteht eine Schwachstelle im ASN.1 Codec. Beim Umgang mit speziell gestalteten DER-kodierten Eingaben kann eine ung\u00fcltige \"free()\"-Operation an einer Adresse auftreten, die teilweise oder vollst\u00e4ndig unter der Kontrolle des Angreifers steht. Ein Angreifer kann dies ausnutzen, um potenziell beliebigen Code auf dem KDC auszuf\u00fchren, was bedeutet, dass Anmeldeinformationen kompromittiert werden k\u00f6nnen, die dazu verwendet werden k\u00f6nnen, sich als ein beliebiger Benutzer in einem Realm oder Forest of Realms auszugeben."
}
],
"product_status": {
"known_affected": [
"67646",
"1076561",
"T012167",
"T015301",
"T004914",
"T017100",
"T026829",
"T025619",
"2951",
"T002207",
"T000126",
"367115",
"T019617",
"398363",
"1727",
"T026982"
]
},
"release_date": "2022-11-15T23:00:00Z",
"title": "CVE-2022-44640"
}
]
}
gsd-2021-44758
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-44758",
"id": "GSD-2021-44758",
"references": [
"https://www.debian.org/security/2022/dsa-5287",
"https://advisories.mageia.org/CVE-2021-44758.html",
"https://www.suse.com/security/cve/CVE-2021-44758.html",
"https://ubuntu.com/security/CVE-2021-44758"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-44758"
],
"details": "Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.",
"id": "GSD-2021-44758",
"modified": "2023-12-13T01:23:20.161079Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-44758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv",
"refsource": "MISC",
"url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv"
},
{
"name": "https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580",
"refsource": "MISC",
"url": "https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580"
},
{
"name": "https://security.gentoo.org/glsa/202310-06",
"refsource": "MISC",
"url": "https://security.gentoo.org/glsa/202310-06"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.7.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-44758"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv"
},
{
"name": "https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580"
},
{
"name": "https://security.gentoo.org/glsa/202310-06",
"refsource": "MISC",
"tags": [],
"url": "https://security.gentoo.org/glsa/202310-06"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-10-08T09:15Z",
"publishedDate": "2022-12-26T05:15Z"
}
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.