CVE-2022-45142
Summary
| CVE | CVE-2022-45142 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2023-03-06 23:15:00 UTC |
|---|
| Updated | 2023-10-08 09:15:00 UTC |
|---|
| Description | The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Heimdal: Multiple Vulnerabilities (GLSA 202310-06) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| oss-security - [vs] heimdal: CVE-2022-45142: signature validation failure |
MISC |
www.openwall.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 181550 Debian Security Update for heimdal (DLA 3311-1)
- 181552 Debian Security Update for heimdal (DSA 5344-1)
- 184971 Debian Security Update for heimdal (CVE-2022-45142)
- 199152 Ubuntu Security Notification for Heimdal Vulnerabilities (USN-5849-1)
- 502654 Alpine Linux Security Update for heimdal
- 502655 Alpine Linux Security Update for heimdal
- 502732 Alpine Linux Security Update for heimdal
- 503111 Alpine Linux Security Update for heimdal
- 505878 Alpine Linux Security Update for heimdal
- 710767 Gentoo Linux Heimdal Multiple Vulnerabilities (GLSA 202310-06)
- 906618 Common Base Linux Mariner (CBL-Mariner) Security Update for heimdal (25604-3)
- 906697 Common Base Linux Mariner (CBL-Mariner) Security Update for heimdal (25612-1)
