CVE-2022-44640

Published: Dec 25, 2022Modified: Apr 15, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).

Affected (4)

Products: Heimdal Project: Heimdal · Samba: Samba

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Heimdal Project Heimdal	Before 7.7.1

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Samba Samba	From 4.15.0 to 4.15.3
Samba Samba	From 4.16.0 to 4.16.8
Samba Samba	From 4.17.0 to 4.17.4

Related CWEs

CWE-415

Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (6)

https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4

Source: cve@mitre.org

Third Party Advisory

https://security.gentoo.org/glsa/202310-06

Source: cve@mitre.org

https://security.netapp.com/advisory/ntap-20230216-0008/

Source: cve@mitre.org

Third Party Advisory

https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.gentoo.org/glsa/202310-06

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20230216-0008/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.