CVE-2022-42898

Summary

CVE: CVE-2022-42898
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2022-12-25 06:15:00 UTC
Updated: 2023-10-08 09:15:00 UTC
Description: PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."

Risk And Classification

Problem Types: CWE-190

NVD Known Affected Configurations (CPE 2.3)

Type        | Vendor          | Product    | Version | Update | Edition | Language
------------|-----------------|------------|---------|--------|---------|---------
Application | Heimdal Project | Heimdal    | All     | All    | All     | All
Application | Mit             | Kerberos 5 | All     | All    | All     | All
Application | Mit             | Kerberos 5 | 1.20    | -      | All     | All
Application | Mit             | Kerberos 5 | 1.20    | beta1  | All     | All
Application | Samba           | Samba      | All     | All    | All     | All

References

Each entry lists the reference title, its source type, the linked host and any tags.

  • Samba - Security Announcement Archive (CONFIRM, www.samba.org)
  • Kerberos Security Advisories (MISC, web.mit.edu)
  • web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt (CONFIRM, web.mit.edu)
  • 15203 – (CVE-2022-42898) CVE-2022-42898 [SECURITY] krb5_pac_parse() buffer parsing vulnerability (MISC, bugzilla.samba.org)
  • PAC parse integer overflows · Advisory · heimdal/heimdal · GitHub (CONFIRM, github.com)
  • Samba: Multiple Vulnerabilities (GLSA 202309-06) — Gentoo security (GENTOO, security.gentoo.org)
  • December 2022 Heimdal Vulnerabilities in NetApp Products | NetApp Product Security (CONFIRM, security.netapp.com)
  • Kerberos 5 Release 1.19.4 (CONFIRM, web.mit.edu)
  • Heimdal: Multiple Vulnerabilities (GLSA 202310-06) — Gentoo security (GENTOO, security.gentoo.org)
  • Fix integer overflows in PAC parsing · krb5/krb5@ea92d2f · GitHub (CONFIRM, github.com)
  • CVE-2022-42898 MIT Kerberos 5 Vulnerability in NetApp Products | NetApp Product Security (CONFIRM, security.netapp.com)
  • CVE Program record (CVE.ORG, www.cve.org; tags: canonical)
  • NVD vulnerability detail (NVD, nvd.nist.gov; tags: canonical, analysis)

Legacy QID Mappings

  • 160331 Oracle Enterprise Linux Security Update for krb5 (ELSA-2022-8638)
  • 160335 Oracle Enterprise Linux Security Update for krb5 (ELSA-2022-8637)
  • 160337 Oracle Enterprise Linux Security Update for krb5 (ELSA-2022-8640)
  • 160454 Oracle Enterprise Linux Security Update for krb5 (ELSA-2023-12104)
  • 181238 Debian Security Update for krb5 (DSA 5286-1)
  • 181242 Debian Security Update for heimdal (DSA 5287-1)
  • 181249 Debian Security Update for heimdal (DLA 3206-1)
  • 181259 Debian Security Update for krb5 (DLA 3213-1)
  • 183360 Debian Security Update for krb5sambaheimdal (CVE-2022-42898)
  • 199102 Ubuntu Security Notification for Heimdal Vulnerabilities (USN-5800-1)
  • 199130 Ubuntu Security Notification for Samba Vulnerabilities (USN-5822-1)
  • 199133 Ubuntu Security Notification for Kerberos Vulnerabilities (USN-5828-1)
  • 199228 Ubuntu Security Notification for Samba Vulnerabilities (USN-5936-1)
  • 240941 Red Hat Update for krb5 (RHSA-2022:8639)
  • 240944 Red Hat Update for krb5 (RHSA-2022:8640)
  • 240945 Red Hat Update for krb5 (RHSA-2022:8637)
  • 240947 Red Hat Update for krb5 (RHSA-2022:8638)
  • 240950 Red Hat Update for krb5 (RHSA-2022:8662)
  • 240951 Red Hat Update for krb5 (RHSA-2022:8669)
  • 257203 CentOS Security Update for krb5 (CESA-2022:8640)
  • 283332 Fedora Security Update for samba (FEDORA-2022-d680c70ebe)
  • 283333 Fedora Security Update for krb5 (FEDORA-2022-78038a4441)
  • 283334 Fedora Security Update for krb5 (FEDORA-2022-88cefef88c)
  • 283360 Fedora Security Update for heimdal (FEDORA-2022-dba9ba8e2b)
  • 283361 Fedora Security Update for heimdal (FEDORA-2022-cbbd105d08)
  • 283375 Fedora Security Update for samba (FEDORA-2022-003403ec6b)
  • 283404 Fedora Security Update for heimdal (FEDORA-2022-2c77cee4b5)
  • 283411 Fedora Security Update for krb5 (FEDORA-2022-a1747aca80)
  • 283413 Fedora Security Update for samba (FEDORA-2022-2156b74a6a)
  • 296099 Oracle Solaris 11.4 Support Repository Update (SRU) 57.144.3 Missing (CPUAPR2023)
  • 354651 Amazon Linux Security Advisory for krb5 : ALAS2-2023-1915
  • 354675 Amazon Linux Security Advisory for krb5 : ALAS-2023-1667
  • 354695 Amazon Linux Security Advisory for krb5 : ALAS2022-2023-272
  • 354706 Amazon Linux Security Advisory for samba : ALAS2022-2023-271
  • 354720 Amazon Linux Security Advisory for krb5 : ALAS-2023-1680
  • 355064 Amazon Linux Security Advisory for krb5 : AL2012-2023-388
  • 355224 Amazon Linux Security Advisory for krb5 : ALAS2023-2023-103
  • 377816 Alibaba Cloud Linux Security Update for krb5 (ALINUX2-SA-2022:0055)
  • 377818 Alibaba Cloud Linux Security Update for krb5 (ALINUX3-SA-2022:0186)
  • 378488 NetApp Clustered Data Open Network Technology for Appliance Products (ONTAP) Denial of Service (DoS) Vulnerability (NTAP-20230223-0001)
  • 390282 Oracle Managed Virtualization (VM) Server for x86 Security Update for krb5 (OVMSA-2023-0008)
  • 502599 Alpine Linux Security Update for heimdal
  • 502602 Alpine Linux Security Update for krb5
  • 502620 Alpine Linux Security Update for samba
  • 502655 Alpine Linux Security Update for heimdal
  • 502733 Alpine Linux Security Update for krb5
  • 503127 Alpine Linux Security Update for samba
  • 503810 Alpine Linux Security Update for samba
  • 503994 Alpine Linux Security Update for heimdal
  • 505624 Alpine Linux Security Update for krb5
  • 505934 Alpine Linux Security Update for samba
  • 672546 EulerOS Security Update for samba (EulerOS-SA-2023-1112)
  • 672570 EulerOS Security Update for samba (EulerOS-SA-2023-1136)
  • 672577 EulerOS Security Update for krb5 (EulerOS-SA-2023-1321)
  • 672587 EulerOS Security Update for samba (EulerOS-SA-2023-1336)
  • 672630 EulerOS Security Update for samba (EulerOS-SA-2023-1371)
  • 672635 EulerOS Security Update for samba (EulerOS-SA-2023-1399)
  • 672672 EulerOS Security Update for krb5 (EulerOS-SA-2023-1425)
  • 672679 EulerOS Security Update for krb5 (EulerOS-SA-2023-1410)
  • 672695 EulerOS Security Update for samba (EulerOS-SA-2023-1417)
  • 672699 EulerOS Security Update for samba (EulerOS-SA-2023-1432)
  • 672724 EulerOS Security Update for krb5 (EulerOS-SA-2023-1445)
  • 672780 EulerOS Security Update for krb5 (EulerOS-SA-2023-1470)
  • 672809 EulerOS Security Update for krb5 (EulerOS-SA-2023-1527)
  • 672829 EulerOS Security Update for krb5 (EulerOS-SA-2023-1552)
  • 673105 EulerOS Security Update for krb5 (EulerOS-SA-2023-2153)
  • 673107 EulerOS Security Update for samba (EulerOS-SA-2023-2168)
  • 690991 Free Berkeley Software Distribution (FreeBSD) Security Update for krb5 (094e4a5b-6511-11ed-8c5e-206a8a720317)
  • 691336 Free Berkeley Software Distribution (FreeBSD) Security Update for mysql (22df5074-71cd-11ee-85eb-84a93843eb75)
  • 710751 Gentoo Linux Samba Multiple Vulnerabilities (GLSA 202309-06)
  • 710767 Gentoo Linux Heimdal Multiple Vulnerabilities (GLSA 202310-06)
  • 752841 SUSE Enterprise Linux Security Update for krb5 (SUSE-SU-2022:4154-1)
  • 752868 SUSE Enterprise Linux Security Update for krb5 (SUSE-SU-2022:4155-1)
  • 752895 SUSE Enterprise Linux Security Update for krb5 (SUSE-SU-2022:4167-1)
  • 752931 SUSE Enterprise Linux Security Update for krb5 (SUSE-SU-2022:4153-1)
  • 752971 SUSE Enterprise Linux Security Update for krb5 (SUSE-SU-2022:4335-1)
  • 752999 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2022:4395-1)
  • 753517 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2023:0081-1)
  • 753587 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2023:0160-1)
  • 753591 SUSE Enterprise Linux Security Update for krb5 (SUSE-SU-2023:0198-1)
  • 904791 Common Base Linux Mariner (CBL-Mariner) Security Update for heimdal (12125)
  • 904792 Common Base Linux Mariner (CBL-Mariner) Security Update for krb5 (12128)
  • 904796 Common Base Linux Mariner (CBL-Mariner) Security Update for samba (12123)
  • 904797 Common Base Linux Mariner (CBL-Mariner) Security Update for krb5 (12133)
  • 905238 Common Base Linux Mariner (CBL-Mariner) Security Update for krb5 (12133-1)
  • 905346 Common Base Linux Mariner (CBL-Mariner) Security Update for heimdal (12125-1)
  • 905349 Common Base Linux Mariner (CBL-Mariner) Security Update for krb5 (12128-1)
  • 940850 AlmaLinux Security Update for krb5 (ALSA-2022:8638)
  • 940853 AlmaLinux Security Update for krb5 (ALSA-2022:8637)
  • 960467 Rocky Linux Security Update for krb5 (RLSA-2022:8638)
  • 960580 Rocky Linux Security Update for krb5 (RLSA-2022:8637)
© CVE.report 2026
