CVE-2022-44640
First published: Sun Dec 25 2022(Updated: )
Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Heimdal Project Heimdal | <7.7.1 | |
| Samba Samba | >=4.15.0<4.15.3 | |
| Samba Samba | >=4.16.0<4.16.8 | |
| Samba Samba | >=4.17.0<4.17.4 | |
| debian/heimdal | <=7.5.0+dfsg-3 | 7.5.0+dfsg-3+deb10u2 7.7.0+dfsg-2+deb11u3 7.8.git20221117.28daf24+dfsg-2 7.8.git20221117.28daf24+dfsg-3 |
| debian/samba | <=2:4.9.5+dfsg-5+deb10u3<=2:4.9.5+dfsg-5+deb10u4<=2:4.13.13+dfsg-1~deb11u5 | 2:4.17.12+dfsg-0+deb12u1 2:4.19.3+dfsg-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4
- https://security.gentoo.org/glsa/202310-06
- https://security.netapp.com/advisory/ntap-20230216-0008/
- https://github.com/heimdal/heimdal/commit/ea5ec8f174920cb80ce2b168b49195378420449e
- https://bugzilla.samba.org/show_bug.cgi?id=14929
- https://security-tracker.debian.org/tracker/CVE-2022-44640
Frequently Asked Questions
What is the vulnerability ID of this security issue in Heimdal and Samba?
The vulnerability ID is CVE-2022-44640.
What is the severity level of CVE-2022-44640?
The severity level of CVE-2022-44640 is critical, with a severity value of 9.8.
How does CVE-2022-44640 allow remote attackers to execute arbitrary code?
CVE-2022-44640 allows remote attackers to execute arbitrary code due to an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).
Which versions of Heimdal are affected by CVE-2022-44640?
Versions up to and excluding 7.7.1 of Heimdal are affected by CVE-2022-44640.
Which versions of Samba are affected by CVE-2022-44640?
Versions from 4.15.0 up to and excluding 4.15.3, versions from 4.16.0 up to and excluding 4.16.8, and versions from 4.17.0 up to and excluding 4.17.4 of Samba are affected by CVE-2022-44640.
How can I fix the CVE-2022-44640 vulnerability in Heimdal?
To fix the CVE-2022-44640 vulnerability in Heimdal, update to version 7.7.1 or later.
How can I fix the CVE-2022-44640 vulnerability in Samba?
To fix the CVE-2022-44640 vulnerability in Samba, update to a version later than 4.17.4.
Where can I find more information about CVE-2022-44640?
More information about CVE-2022-44640 can be found at the following references: [GitHub Security Advisory](https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4), [GitHub Commit](https://github.com/heimdal/heimdal/commit/ea5ec8f174920cb80ce2b168b49195378420449e), [Samba Bugzilla](https://bugzilla.samba.org/show_bug.cgi?id=14929).
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- collector/nvd-api
- collector/nvd-index
- collector/security-tracker-debian
- vendor/heimdal project
- canonical/heimdal project heimdal
- vendor/samba
- canonical/samba samba
- version/samba samba/4.15.0
- version/samba samba/4.16.0
- version/samba samba/4.17.0
- package-manager/debian