Search

Find a vulnerability

Search criteria

    26 vulnerabilities found for heimdal by heimdal_project

    CVE-2022-3116 (GCVE-0-2022-3116)

    Vulnerability from nvd – Published: 2023-03-27 00:00 – Updated: 2025-02-24 19:11
    VLAI
    Summary
    The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a Heimdal Software Kerberos Affected: Heimdal Software Kerberos 5
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:00:10.521Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/730793"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20230505-0010/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3116",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-24T19:11:22.523448Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-24T19:11:43.894Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Heimdal Software Kerberos",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Heimdal Software Kerberos 5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-05T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://www.kb.cert.org/vuls/id/730793"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20230505-0010/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-3116",
        "datePublished": "2023-03-27T00:00:00.000Z",
        "dateReserved": "2022-09-02T00:00:00.000Z",
        "dateUpdated": "2025-02-24T19:11:43.894Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45142 (GCVE-0-2022-45142)

    Vulnerability from nvd – Published: 2023-03-06 00:00 – Updated: 2025-03-06 20:20
    VLAI
    Summary
    The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a Samba Affected: unknown
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:09:56.389Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2023/02/08/1"
              },
              {
                "name": "GLSA-202310-06",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202310-06"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45142",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-06T20:20:44.599013Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-06T20:20:48.532Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Samba",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "unknown"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding \"!= 0\" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-354",
                  "description": "CWE-354",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-08T08:06:31.799Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://www.openwall.com/lists/oss-security/2023/02/08/1"
            },
            {
              "name": "GLSA-202310-06",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202310-06"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-45142",
        "datePublished": "2023-03-06T00:00:00.000Z",
        "dateReserved": "2022-11-10T00:00:00.000Z",
        "dateUpdated": "2025-03-06T20:20:48.532Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44758 (GCVE-0-2021-44758)

    Vulnerability from nvd – Published: 2022-12-26 00:00 – Updated: 2025-04-14 15:57
    VLAI
    Summary
    Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:32:13.136Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202310-06"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-44758",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T15:56:38.475347Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-476",
                    "description": "CWE-476 NULL Pointer Dereference",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T15:57:20.775Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-08T08:06:39.029Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv"
            },
            {
              "url": "https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580"
            },
            {
              "url": "https://security.gentoo.org/glsa/202310-06"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-44758",
        "datePublished": "2022-12-26T00:00:00.000Z",
        "dateReserved": "2021-12-08T00:00:00.000Z",
        "dateUpdated": "2025-04-14T15:57:20.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42898 (GCVE-0-2022-42898)

    Vulnerability from nvd – Published: 2022-12-25 00:00 – Updated: 2025-04-14 18:33
    VLAI
    Summary
    PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:19:05.317Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://web.mit.edu/kerberos/advisories/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.samba.org/samba/security/CVE-2022-42898.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://web.mit.edu/kerberos/krb5-1.19/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.samba.org/show_bug.cgi?id=15203"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20230223-0001/"
              },
              {
                "name": "GLSA-202309-06",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202309-06"
              },
              {
                "name": "GLSA-202310-06",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202310-06"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42898",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T16:11:12.341307Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-190",
                    "description": "CWE-190 Integer Overflow or Wraparound",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T18:33:09.110Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-08T08:06:38.475Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://web.mit.edu/kerberos/advisories/"
            },
            {
              "url": "https://www.samba.org/samba/security/CVE-2022-42898.html"
            },
            {
              "url": "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583"
            },
            {
              "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c"
            },
            {
              "url": "https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt"
            },
            {
              "url": "https://web.mit.edu/kerberos/krb5-1.19/"
            },
            {
              "url": "https://bugzilla.samba.org/show_bug.cgi?id=15203"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20230223-0001/"
            },
            {
              "name": "GLSA-202309-06",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202309-06"
            },
            {
              "name": "GLSA-202310-06",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202310-06"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-42898",
        "datePublished": "2022-12-25T00:00:00.000Z",
        "dateReserved": "2022-10-13T00:00:00.000Z",
        "dateUpdated": "2025-04-14T18:33:09.110Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-44640 (GCVE-0-2022-44640)

    Vulnerability from nvd – Published: 2022-12-25 00:00 – Updated: 2025-04-15 13:20
    VLAI
    Summary
    Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:54:03.949Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
              },
              {
                "name": "GLSA-202310-06",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202310-06"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-44640",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-15T13:20:08.332800Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-415",
                    "description": "CWE-415 Double Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T13:20:13.623Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-08T08:06:33.314Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
            },
            {
              "name": "GLSA-202310-06",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202310-06"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-44640",
        "datePublished": "2022-12-25T00:00:00.000Z",
        "dateReserved": "2022-11-03T00:00:00.000Z",
        "dateUpdated": "2025-04-15T13:20:13.623Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-41916 (GCVE-0-2022-41916)

    Vulnerability from nvd – Published: 2022-11-15 00:00 – Updated: 2025-04-23 16:37
    VLAI
    Title
    Read one byte past a buffer when normalizing Unicode
    Summary
    Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    heimdal heimdal Affected: < 7.7.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:56:38.394Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx"
              },
              {
                "name": "DSA-5287",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5287"
              },
              {
                "name": "[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
              },
              {
                "name": "GLSA-202310-06",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202310-06"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-41916",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T13:54:33.510262Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-23T16:37:26.786Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "heimdal",
              "vendor": "heimdal",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.7.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal\u0027s PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal\u0027s libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-193",
                  "description": "CWE-193: Off-by-one Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-08T08:06:36.676Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx"
            },
            {
              "name": "DSA-5287",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5287"
            },
            {
              "name": "[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
            },
            {
              "name": "GLSA-202310-06",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202310-06"
            }
          ],
          "source": {
            "advisory": "GHSA-mgqr-gvh6-23cx",
            "discovery": "UNKNOWN"
          },
          "title": "Read one byte past a buffer when normalizing Unicode"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2022-41916",
        "datePublished": "2022-11-15T00:00:00.000Z",
        "dateReserved": "2022-09-30T00:00:00.000Z",
        "dateUpdated": "2025-04-23T16:37:26.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-16860 (GCVE-0-2018-16860)

    Vulnerability from nvd – Published: 2019-07-31 14:38 – Updated: 2024-08-05 10:32
    VLAI
    Summary
    A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal.
    CWE
    Assigner
    References
    URL Tags
    https://www.synology.com/security/advisory/Synolo… x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… x_refsource_CONFIRM
    https://www.samba.org/samba/security/CVE-2018-168… x_refsource_MISC
    https://seclists.org/bugtraq/2019/Aug/25 mailing-listx_refsource_BUGTRAQ
    https://seclists.org/bugtraq/2019/Aug/22 mailing-listx_refsource_BUGTRAQ
    https://seclists.org/bugtraq/2019/Aug/23 mailing-listx_refsource_BUGTRAQ
    https://seclists.org/bugtraq/2019/Aug/21 mailing-listx_refsource_BUGTRAQ
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://seclists.org/fulldisclosure/2019/Aug/14 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/Aug/11 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/Aug/13 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/Aug/15 mailing-listx_refsource_FULLDISC
    https://support.apple.com/HT210346 x_refsource_CONFIRM
    https://support.apple.com/HT210348 x_refsource_CONFIRM
    https://support.apple.com/HT210351 x_refsource_CONFIRM
    https://support.apple.com/HT210353 x_refsource_CONFIRM
    https://security.gentoo.org/glsa/202003-52 vendor-advisoryx_refsource_GENTOO
    Impacted products
    Vendor Product Version
    SAMBA samba Affected: 4.8.x up to, excluding 4.8.12
    Affected: 4.9.x up to, excluding 4.9.8
    Affected: 4.10.x up to, excluding 4.10.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:32:54.113Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/security/advisory/Synology_SA_19_23"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16860"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.samba.org/samba/security/CVE-2018-16860.html"
              },
              {
                "name": "20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Aug/25"
              },
              {
                "name": "20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Aug/22"
              },
              {
                "name": "20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Aug/23"
              },
              {
                "name": "20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Aug/21"
              },
              {
                "name": "openSUSE-SU-2019:1888",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT210346"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT210348"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT210351"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT210353"
              },
              {
                "name": "GLSA-202003-52",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202003-52"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "samba",
              "vendor": "SAMBA",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.8.x up to, excluding 4.8.12"
                },
                {
                  "status": "affected",
                  "version": "4.9.x up to, excluding 4.9.8"
                },
                {
                  "status": "affected",
                  "version": "4.10.x up to, excluding 4.10.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in samba\u0027s Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-358",
                  "description": "CWE-358",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-25T18:06:17.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_23"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16860"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.samba.org/samba/security/CVE-2018-16860.html"
            },
            {
              "name": "20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Aug/25"
            },
            {
              "name": "20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Aug/22"
            },
            {
              "name": "20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Aug/23"
            },
            {
              "name": "20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Aug/21"
            },
            {
              "name": "openSUSE-SU-2019:1888",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT210346"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT210348"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT210351"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT210353"
            },
            {
              "name": "GLSA-202003-52",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202003-52"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2018-16860",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "samba",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.8.x up to, excluding 4.8.12"
                              },
                              {
                                "version_value": "4.9.x up to, excluding 4.9.8"
                              },
                              {
                                "version_value": "4.10.x up to, excluding 4.10.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAMBA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A flaw was found in samba\u0027s Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "version": "3.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-358"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.synology.com/security/advisory/Synology_SA_19_23",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/security/advisory/Synology_SA_19_23"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16860",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16860"
                },
                {
                  "name": "https://www.samba.org/samba/security/CVE-2018-16860.html",
                  "refsource": "MISC",
                  "url": "https://www.samba.org/samba/security/CVE-2018-16860.html"
                },
                {
                  "name": "20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Aug/25"
                },
                {
                  "name": "20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Aug/22"
                },
                {
                  "name": "20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Aug/23"
                },
                {
                  "name": "20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Aug/21"
                },
                {
                  "name": "openSUSE-SU-2019:1888",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
                },
                {
                  "name": "https://support.apple.com/HT210346",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT210346"
                },
                {
                  "name": "https://support.apple.com/HT210348",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT210348"
                },
                {
                  "name": "https://support.apple.com/HT210351",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT210351"
                },
                {
                  "name": "https://support.apple.com/HT210353",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT210353"
                },
                {
                  "name": "GLSA-202003-52",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202003-52"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2018-16860",
        "datePublished": "2019-07-31T14:38:36.000Z",
        "dateReserved": "2018-09-11T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:32:54.113Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-12098 (GCVE-0-2019-12098)

    Vulnerability from nvd – Published: 2019-05-15 22:41 – Updated: 2026-04-15 20:49
    VLAI
    Summary
    In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-295 - Improper Certificate Validation
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:10:30.560Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.6.0"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.h5l.org/pipermail/heimdal-announce/2019-May/000009.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/heimdal/heimdal/commit/2f7f3d9960aa6ea21358bdf3687cee5149aa35cf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/heimdal/heimdal/compare/3e58559...bbafe72"
              },
              {
                "name": "20190603 [SECURITY] [DSA 4455-1] heimdal security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Jun/1"
              },
              {
                "name": "DSA-4455",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4455"
              },
              {
                "name": "openSUSE-SU-2019:1682",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00002.html"
              },
              {
                "name": "openSUSE-SU-2019:1688",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00003.html"
              },
              {
                "name": "openSUSE-SU-2019:1888",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html"
              },
              {
                "name": "FEDORA-2019-f3046b6bfb",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIXEDVVMPD6ZAJSMI2EZ7FNEIVNWE5PD/"
              },
              {
                "name": "FEDORA-2019-2fa7d6405b",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLXXIF4LOQEAEDAF4UGP2AO6WDNTDFUB/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-12098",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-15T20:49:17.967235Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-295",
                    "description": "CWE-295 Improper Certificate Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-15T20:49:22.320Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-04T23:06:04.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.6.0"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.h5l.org/pipermail/heimdal-announce/2019-May/000009.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/heimdal/heimdal/commit/2f7f3d9960aa6ea21358bdf3687cee5149aa35cf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/heimdal/heimdal/compare/3e58559...bbafe72"
            },
            {
              "name": "20190603 [SECURITY] [DSA 4455-1] heimdal security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Jun/1"
            },
            {
              "name": "DSA-4455",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4455"
            },
            {
              "name": "openSUSE-SU-2019:1682",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00002.html"
            },
            {
              "name": "openSUSE-SU-2019:1688",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00003.html"
            },
            {
              "name": "openSUSE-SU-2019:1888",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html"
            },
            {
              "name": "FEDORA-2019-f3046b6bfb",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIXEDVVMPD6ZAJSMI2EZ7FNEIVNWE5PD/"
            },
            {
              "name": "FEDORA-2019-2fa7d6405b",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLXXIF4LOQEAEDAF4UGP2AO6WDNTDFUB/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-12098",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.6.0",
                  "refsource": "MISC",
                  "url": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.6.0"
                },
                {
                  "name": "http://www.h5l.org/pipermail/heimdal-announce/2019-May/000009.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.h5l.org/pipermail/heimdal-announce/2019-May/000009.html"
                },
                {
                  "name": "https://github.com/heimdal/heimdal/commit/2f7f3d9960aa6ea21358bdf3687cee5149aa35cf",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/heimdal/heimdal/commit/2f7f3d9960aa6ea21358bdf3687cee5149aa35cf"
                },
                {
                  "name": "https://github.com/heimdal/heimdal/compare/3e58559...bbafe72",
                  "refsource": "MISC",
                  "url": "https://github.com/heimdal/heimdal/compare/3e58559...bbafe72"
                },
                {
                  "name": "20190603 [SECURITY] [DSA 4455-1] heimdal security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Jun/1"
                },
                {
                  "name": "DSA-4455",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2019/dsa-4455"
                },
                {
                  "name": "openSUSE-SU-2019:1682",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00002.html"
                },
                {
                  "name": "openSUSE-SU-2019:1688",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00003.html"
                },
                {
                  "name": "openSUSE-SU-2019:1888",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html"
                },
                {
                  "name": "FEDORA-2019-f3046b6bfb",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIXEDVVMPD6ZAJSMI2EZ7FNEIVNWE5PD/"
                },
                {
                  "name": "FEDORA-2019-2fa7d6405b",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLXXIF4LOQEAEDAF4UGP2AO6WDNTDFUB/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-12098",
        "datePublished": "2019-05-15T22:41:11.000Z",
        "dateReserved": "2019-05-14T00:00:00.000Z",
        "dateUpdated": "2026-04-15T20:49:22.320Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2017-17439 (GCVE-0-2017-17439)

    Vulnerability from nvd – Published: 2017-12-06 15:00 – Updated: 2024-08-05 20:51
    VLAI
    Summary
    In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2017-12-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:51:31.511Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/heimdal/heimdal/issues/353"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://h5l.org/advisories.html?show=2017-12-08"
              },
              {
                "name": "DSA-4055",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2017/dsa-4055"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-12-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-29T23:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/heimdal/heimdal/issues/353"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://h5l.org/advisories.html?show=2017-12-08"
            },
            {
              "name": "DSA-4055",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2017/dsa-4055"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-17439",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144"
                },
                {
                  "name": "https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887"
                },
                {
                  "name": "http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html"
                },
                {
                  "name": "http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html",
                  "refsource": "MISC",
                  "url": "http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html"
                },
                {
                  "name": "https://github.com/heimdal/heimdal/issues/353",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/heimdal/heimdal/issues/353"
                },
                {
                  "name": "http://h5l.org/advisories.html?show=2017-12-08",
                  "refsource": "CONFIRM",
                  "url": "http://h5l.org/advisories.html?show=2017-12-08"
                },
                {
                  "name": "DSA-4055",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2017/dsa-4055"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-17439",
        "datePublished": "2017-12-06T15:00:00.000Z",
        "dateReserved": "2017-12-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T20:51:31.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6594 (GCVE-0-2017-6594)

    Vulnerability from nvd – Published: 2017-08-28 19:00 – Updated: 2024-08-05 15:33
    VLAI
    Summary
    The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2017-04-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:33:20.475Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.3.0"
              },
              {
                "name": "openSUSE-SU-2017:2180",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2017-08/msg00062.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.h5l.org/advisories.html?show=2017-04-13"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.3.0"
            },
            {
              "name": "openSUSE-SU-2017:2180",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2017-08/msg00062.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.h5l.org/advisories.html?show=2017-04-13"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-6594",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.3.0",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.3.0"
                },
                {
                  "name": "openSUSE-SU-2017:2180",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2017-08/msg00062.html"
                },
                {
                  "name": "http://www.h5l.org/advisories.html?show=2017-04-13",
                  "refsource": "CONFIRM",
                  "url": "http://www.h5l.org/advisories.html?show=2017-04-13"
                },
                {
                  "name": "https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-6594",
        "datePublished": "2017-08-28T19:00:00.000Z",
        "dateReserved": "2017-03-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T15:33:20.475Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11103 (GCVE-0-2017-11103)

    Vulnerability from nvd – Published: 2017-07-13 13:00 – Updated: 2024-08-05 17:57
    VLAI
    Summary
    Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2017-07-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:57:57.836Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT208221"
              },
              {
                "name": "DSA-3912",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2017/dsa-3912"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT208144"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.orpheus-lyre.info/"
              },
              {
                "name": "FreeBSD-SA-17:05",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:05.heimdal.asc"
              },
              {
                "name": "99551",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99551"
              },
              {
                "name": "1039427",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039427"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.samba.org/samba/security/CVE-2017-11103.html"
              },
              {
                "name": "1038876",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038876"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT208112"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.h5l.org/advisories.html?show=2017-07-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-07-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus\u0027 Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in \u0027enc_part\u0027 instead of the unencrypted version stored in \u0027ticket\u0027. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-20T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT208221"
            },
            {
              "name": "DSA-3912",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3912"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT208144"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.orpheus-lyre.info/"
            },
            {
              "name": "FreeBSD-SA-17:05",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:05.heimdal.asc"
            },
            {
              "name": "99551",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99551"
            },
            {
              "name": "1039427",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039427"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.samba.org/samba/security/CVE-2017-11103.html"
            },
            {
              "name": "1038876",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038876"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT208112"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.h5l.org/advisories.html?show=2017-07-11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-11103",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus\u0027 Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in \u0027enc_part\u0027 instead of the unencrypted version stored in \u0027ticket\u0027. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.apple.com/HT208221",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT208221"
                },
                {
                  "name": "DSA-3912",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2017/dsa-3912"
                },
                {
                  "name": "https://support.apple.com/HT208144",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT208144"
                },
                {
                  "name": "https://www.orpheus-lyre.info/",
                  "refsource": "MISC",
                  "url": "https://www.orpheus-lyre.info/"
                },
                {
                  "name": "FreeBSD-SA-17:05",
                  "refsource": "FREEBSD",
                  "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:05.heimdal.asc"
                },
                {
                  "name": "99551",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99551"
                },
                {
                  "name": "1039427",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039427"
                },
                {
                  "name": "https://www.samba.org/samba/security/CVE-2017-11103.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.samba.org/samba/security/CVE-2017-11103.html"
                },
                {
                  "name": "1038876",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038876"
                },
                {
                  "name": "https://support.apple.com/HT208112",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT208112"
                },
                {
                  "name": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0"
                },
                {
                  "name": "http://www.h5l.org/advisories.html?show=2017-07-11",
                  "refsource": "CONFIRM",
                  "url": "http://www.h5l.org/advisories.html?show=2017-07-11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-11103",
        "datePublished": "2017-07-13T13:00:00.000Z",
        "dateReserved": "2017-07-07T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:57:57.836Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-4862 (GCVE-0-2011-4862)

    Vulnerability from nvd – Published: 2011-12-25 01:00 – Updated: 2024-08-07 00:16
    VLAI KEVIntel
    Summary
    Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/47399 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2011/dsa-2375 vendor-advisoryx_refsource_DEBIAN
    http://www.redhat.com/support/errata/RHSA-2011-18… vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
    http://www.debian.org/security/2011/dsa-2372 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/47359 third-party-advisoryx_refsource_SECUNIA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.freebsd.org/pipermail/freebsd-securi… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/47374 third-party-advisoryx_refsource_SECUNIA
    http://lists.freebsd.org/pipermail/freebsd-securi… mailing-listx_refsource_MLIST
    http://security.freebsd.org/advisories/FreeBSD-SA… vendor-advisoryx_refsource_FREEBSD
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://osvdb.org/78020 vdb-entryx_refsource_OSVDB
    http://www.securitytracker.com/id?1026463 vdb-entryx_refsource_SECTRACK
    http://lists.freebsd.org/pipermail/freebsd-securi… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/47341 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2011-18… vendor-advisoryx_refsource_REDHAT
    http://www.redhat.com/support/errata/RHSA-2011-18… vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://security.freebsd.org/patches/SA-11:08/teln… x_refsource_CONFIRM
    http://secunia.com/advisories/47357 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/46239 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/47397 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/47373 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.freebsd.org/pipermail/freebsd-securi… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/47441 third-party-advisoryx_refsource_SECUNIA
    http://git.savannah.gnu.org/cgit/inetutils.git/co… x_refsource_CONFIRM
    http://web.mit.edu/kerberos/www/advisories/MITKRB… x_refsource_CONFIRM
    http://www.redhat.com/support/errata/RHSA-2011-18… vendor-advisoryx_refsource_REDHAT
    http://www.exploit-db.com/exploits/18280/ exploitx_refsource_EXPLOIT-DB
    http://secunia.com/advisories/47348 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1026460 vdb-entryx_refsource_SECTRACK
    http://www.debian.org/security/2011/dsa-2373 vendor-advisoryx_refsource_DEBIAN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2011-12-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:16:35.035Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2012:0042",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"
              },
              {
                "name": "47399",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47399"
              },
              {
                "name": "DSA-2375",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2375"
              },
              {
                "name": "RHSA-2011:1854",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-1854.html"
              },
              {
                "name": "SUSE-SU-2012:0018",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html"
              },
              {
                "name": "20111226 MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862]",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html"
              },
              {
                "name": "DSA-2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2372"
              },
              {
                "name": "47359",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47359"
              },
              {
                "name": "FEDORA-2011-17493",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html"
              },
              {
                "name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html"
              },
              {
                "name": "47374",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47374"
              },
              {
                "name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html"
              },
              {
                "name": "FreeBSD-SA-11:08",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc"
              },
              {
                "name": "openSUSE-SU-2012:0019",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html"
              },
              {
                "name": "FEDORA-2011-17492",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html"
              },
              {
                "name": "MDVSA-2011:195",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:195"
              },
              {
                "name": "SUSE-SU-2012:0024",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html"
              },
              {
                "name": "SUSE-SU-2012:0050",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html"
              },
              {
                "name": "78020",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/78020"
              },
              {
                "name": "1026463",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1026463"
              },
              {
                "name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html"
              },
              {
                "name": "47341",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47341"
              },
              {
                "name": "RHSA-2011:1852",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-1852.html"
              },
              {
                "name": "RHSA-2011:1853",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-1853.html"
              },
              {
                "name": "openSUSE-SU-2012:0051",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://security.freebsd.org/patches/SA-11:08/telnetd.patch"
              },
              {
                "name": "47357",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47357"
              },
              {
                "name": "46239",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46239"
              },
              {
                "name": "SUSE-SU-2012:0010",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"
              },
              {
                "name": "47397",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47397"
              },
              {
                "name": "47373",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47373"
              },
              {
                "name": "SUSE-SU-2012:0056",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html"
              },
              {
                "name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html"
              },
              {
                "name": "47441",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47441"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt"
              },
              {
                "name": "RHSA-2011:1851",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-1851.html"
              },
              {
                "name": "18280",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/18280/"
              },
              {
                "name": "47348",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47348"
              },
              {
                "name": "1026460",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1026460"
              },
              {
                "name": "DSA-2373",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2373"
              },
              {
                "name": "multiple-telnetd-bo(71970)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71970"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-12-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
            "shortName": "freebsd"
          },
          "references": [
            {
              "name": "SUSE-SU-2012:0042",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"
            },
            {
              "name": "47399",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47399"
            },
            {
              "name": "DSA-2375",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2375"
            },
            {
              "name": "RHSA-2011:1854",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1854.html"
            },
            {
              "name": "SUSE-SU-2012:0018",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html"
            },
            {
              "name": "20111226 MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862]",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html"
            },
            {
              "name": "DSA-2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2372"
            },
            {
              "name": "47359",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47359"
            },
            {
              "name": "FEDORA-2011-17493",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html"
            },
            {
              "name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html"
            },
            {
              "name": "47374",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47374"
            },
            {
              "name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html"
            },
            {
              "name": "FreeBSD-SA-11:08",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc"
            },
            {
              "name": "openSUSE-SU-2012:0019",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html"
            },
            {
              "name": "FEDORA-2011-17492",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html"
            },
            {
              "name": "MDVSA-2011:195",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:195"
            },
            {
              "name": "SUSE-SU-2012:0024",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html"
            },
            {
              "name": "SUSE-SU-2012:0050",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html"
            },
            {
              "name": "78020",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/78020"
            },
            {
              "name": "1026463",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1026463"
            },
            {
              "name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html"
            },
            {
              "name": "47341",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47341"
            },
            {
              "name": "RHSA-2011:1852",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1852.html"
            },
            {
              "name": "RHSA-2011:1853",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1853.html"
            },
            {
              "name": "openSUSE-SU-2012:0051",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://security.freebsd.org/patches/SA-11:08/telnetd.patch"
            },
            {
              "name": "47357",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47357"
            },
            {
              "name": "46239",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46239"
            },
            {
              "name": "SUSE-SU-2012:0010",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"
            },
            {
              "name": "47397",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47397"
            },
            {
              "name": "47373",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47373"
            },
            {
              "name": "SUSE-SU-2012:0056",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html"
            },
            {
              "name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html"
            },
            {
              "name": "47441",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47441"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt"
            },
            {
              "name": "RHSA-2011:1851",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1851.html"
            },
            {
              "name": "18280",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/18280/"
            },
            {
              "name": "47348",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47348"
            },
            {
              "name": "1026460",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1026460"
            },
            {
              "name": "DSA-2373",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2373"
            },
            {
              "name": "multiple-telnetd-bo(71970)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71970"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secteam@freebsd.org",
              "ID": "CVE-2011-4862",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2012:0042",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"
                },
                {
                  "name": "47399",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47399"
                },
                {
                  "name": "DSA-2375",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2375"
                },
                {
                  "name": "RHSA-2011:1854",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2011-1854.html"
                },
                {
                  "name": "SUSE-SU-2012:0018",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html"
                },
                {
                  "name": "20111226 MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862]",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html"
                },
                {
                  "name": "DSA-2372",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2372"
                },
                {
                  "name": "47359",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47359"
                },
                {
                  "name": "FEDORA-2011-17493",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html"
                },
                {
                  "name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
                  "refsource": "MLIST",
                  "url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html"
                },
                {
                  "name": "47374",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47374"
                },
                {
                  "name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
                  "refsource": "MLIST",
                  "url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html"
                },
                {
                  "name": "FreeBSD-SA-11:08",
                  "refsource": "FREEBSD",
                  "url": "http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc"
                },
                {
                  "name": "openSUSE-SU-2012:0019",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html"
                },
                {
                  "name": "FEDORA-2011-17492",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html"
                },
                {
                  "name": "MDVSA-2011:195",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:195"
                },
                {
                  "name": "SUSE-SU-2012:0024",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html"
                },
                {
                  "name": "SUSE-SU-2012:0050",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html"
                },
                {
                  "name": "78020",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/78020"
                },
                {
                  "name": "1026463",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1026463"
                },
                {
                  "name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
                  "refsource": "MLIST",
                  "url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html"
                },
                {
                  "name": "47341",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47341"
                },
                {
                  "name": "RHSA-2011:1852",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2011-1852.html"
                },
                {
                  "name": "RHSA-2011:1853",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2011-1853.html"
                },
                {
                  "name": "openSUSE-SU-2012:0051",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html"
                },
                {
                  "name": "http://security.freebsd.org/patches/SA-11:08/telnetd.patch",
                  "refsource": "CONFIRM",
                  "url": "http://security.freebsd.org/patches/SA-11:08/telnetd.patch"
                },
                {
                  "name": "47357",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47357"
                },
                {
                  "name": "46239",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/46239"
                },
                {
                  "name": "SUSE-SU-2012:0010",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"
                },
                {
                  "name": "47397",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47397"
                },
                {
                  "name": "47373",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47373"
                },
                {
                  "name": "SUSE-SU-2012:0056",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html"
                },
                {
                  "name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
                  "refsource": "MLIST",
                  "url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html"
                },
                {
                  "name": "47441",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47441"
                },
                {
                  "name": "http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592",
                  "refsource": "CONFIRM",
                  "url": "http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592"
                },
                {
                  "name": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt",
                  "refsource": "CONFIRM",
                  "url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt"
                },
                {
                  "name": "RHSA-2011:1851",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2011-1851.html"
                },
                {
                  "name": "18280",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/18280/"
                },
                {
                  "name": "47348",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47348"
                },
                {
                  "name": "1026460",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1026460"
                },
                {
                  "name": "DSA-2373",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2373"
                },
                {
                  "name": "multiple-telnetd-bo(71970)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71970"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
        "assignerShortName": "freebsd",
        "cveId": "CVE-2011-4862",
        "datePublished": "2011-12-25T01:00:00.000Z",
        "dateReserved": "2011-12-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:16:35.035Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0434 (GCVE-0-2004-0434)

    Vulnerability from nvd – Published: 2004-05-12 04:00 – Updated: 2024-08-08 00:17
    VLAI
    Summary
    k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.debian.org/security/2004/dsa-504 vendor-advisoryx_refsource_DEBIAN
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    http://marc.info/?l=bugtraq&m=108386148126457&w=2 mailing-listx_refsource_BUGTRAQ
    http://security.gentoo.org/glsa/glsa-200405-23.xml vendor-advisoryx_refsource_GENTOO
    ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories… vendor-advisoryx_refsource_FREEBSD
    Date Public
    2004-05-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:17:14.980Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "heimdal-kadmind-bo(16071)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16071"
              },
              {
                "name": "DSA-504",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2004/dsa-504"
              },
              {
                "name": "20040506 Advisory: Heimdal kadmind version4 remote heap overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020998.html"
              },
              {
                "name": "20040505 Advisory: Heimdal kadmind version4 remote heap overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108386148126457\u0026w=2"
              },
              {
                "name": "GLSA-200405-23",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200405-23.xml"
              },
              {
                "name": "FreeBSD-SA-04:09",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:09.kadmind.asc"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-05-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "heimdal-kadmind-bo(16071)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16071"
            },
            {
              "name": "DSA-504",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2004/dsa-504"
            },
            {
              "name": "20040506 Advisory: Heimdal kadmind version4 remote heap overflow",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020998.html"
            },
            {
              "name": "20040505 Advisory: Heimdal kadmind version4 remote heap overflow",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108386148126457\u0026w=2"
            },
            {
              "name": "GLSA-200405-23",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200405-23.xml"
            },
            {
              "name": "FreeBSD-SA-04:09",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:09.kadmind.asc"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0434",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "heimdal-kadmind-bo(16071)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16071"
                },
                {
                  "name": "DSA-504",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2004/dsa-504"
                },
                {
                  "name": "20040506 Advisory: Heimdal kadmind version4 remote heap overflow",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020998.html"
                },
                {
                  "name": "20040505 Advisory: Heimdal kadmind version4 remote heap overflow",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108386148126457\u0026w=2"
                },
                {
                  "name": "GLSA-200405-23",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200405-23.xml"
                },
                {
                  "name": "FreeBSD-SA-04:09",
                  "refsource": "FREEBSD",
                  "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:09.kadmind.asc"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0434",
        "datePublished": "2004-05-12T04:00:00.000Z",
        "dateReserved": "2004-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:17:14.980Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3116 (GCVE-0-2022-3116)

    Vulnerability from cvelistv5 – Published: 2023-03-27 00:00 – Updated: 2025-02-24 19:11
    VLAI
    Summary
    The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a Heimdal Software Kerberos Affected: Heimdal Software Kerberos 5
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:00:10.521Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/730793"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20230505-0010/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3116",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-24T19:11:22.523448Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-24T19:11:43.894Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Heimdal Software Kerberos",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Heimdal Software Kerberos 5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-05T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://www.kb.cert.org/vuls/id/730793"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20230505-0010/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-3116",
        "datePublished": "2023-03-27T00:00:00.000Z",
        "dateReserved": "2022-09-02T00:00:00.000Z",
        "dateUpdated": "2025-02-24T19:11:43.894Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45142 (GCVE-0-2022-45142)

    Vulnerability from cvelistv5 – Published: 2023-03-06 00:00 – Updated: 2025-03-06 20:20
    VLAI
    Summary
    The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a Samba Affected: unknown
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:09:56.389Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2023/02/08/1"
              },
              {
                "name": "GLSA-202310-06",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202310-06"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45142",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-06T20:20:44.599013Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-06T20:20:48.532Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Samba",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "unknown"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding \"!= 0\" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-354",
                  "description": "CWE-354",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-08T08:06:31.799Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://www.openwall.com/lists/oss-security/2023/02/08/1"
            },
            {
              "name": "GLSA-202310-06",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202310-06"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-45142",
        "datePublished": "2023-03-06T00:00:00.000Z",
        "dateReserved": "2022-11-10T00:00:00.000Z",
        "dateUpdated": "2025-03-06T20:20:48.532Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44758 (GCVE-0-2021-44758)

    Vulnerability from cvelistv5 – Published: 2022-12-26 00:00 – Updated: 2025-04-14 15:57
    VLAI
    Summary
    Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:32:13.136Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202310-06"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-44758",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T15:56:38.475347Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-476",
                    "description": "CWE-476 NULL Pointer Dereference",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T15:57:20.775Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-08T08:06:39.029Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv"
            },
            {
              "url": "https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580"
            },
            {
              "url": "https://security.gentoo.org/glsa/202310-06"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-44758",
        "datePublished": "2022-12-26T00:00:00.000Z",
        "dateReserved": "2021-12-08T00:00:00.000Z",
        "dateUpdated": "2025-04-14T15:57:20.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42898 (GCVE-0-2022-42898)

    Vulnerability from cvelistv5 – Published: 2022-12-25 00:00 – Updated: 2025-04-14 18:33
    VLAI
    Summary
    PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:19:05.317Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://web.mit.edu/kerberos/advisories/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.samba.org/samba/security/CVE-2022-42898.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://web.mit.edu/kerberos/krb5-1.19/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.samba.org/show_bug.cgi?id=15203"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20230223-0001/"
              },
              {
                "name": "GLSA-202309-06",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202309-06"
              },
              {
                "name": "GLSA-202310-06",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202310-06"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42898",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T16:11:12.341307Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-190",
                    "description": "CWE-190 Integer Overflow or Wraparound",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T18:33:09.110Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-08T08:06:38.475Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://web.mit.edu/kerberos/advisories/"
            },
            {
              "url": "https://www.samba.org/samba/security/CVE-2022-42898.html"
            },
            {
              "url": "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583"
            },
            {
              "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c"
            },
            {
              "url": "https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt"
            },
            {
              "url": "https://web.mit.edu/kerberos/krb5-1.19/"
            },
            {
              "url": "https://bugzilla.samba.org/show_bug.cgi?id=15203"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20230223-0001/"
            },
            {
              "name": "GLSA-202309-06",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202309-06"
            },
            {
              "name": "GLSA-202310-06",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202310-06"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-42898",
        "datePublished": "2022-12-25T00:00:00.000Z",
        "dateReserved": "2022-10-13T00:00:00.000Z",
        "dateUpdated": "2025-04-14T18:33:09.110Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-44640 (GCVE-0-2022-44640)

    Vulnerability from cvelistv5 – Published: 2022-12-25 00:00 – Updated: 2025-04-15 13:20
    VLAI
    Summary
    Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:54:03.949Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
              },
              {
                "name": "GLSA-202310-06",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202310-06"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-44640",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-15T13:20:08.332800Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-415",
                    "description": "CWE-415 Double Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T13:20:13.623Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-08T08:06:33.314Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
            },
            {
              "name": "GLSA-202310-06",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202310-06"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-44640",
        "datePublished": "2022-12-25T00:00:00.000Z",
        "dateReserved": "2022-11-03T00:00:00.000Z",
        "dateUpdated": "2025-04-15T13:20:13.623Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-41916 (GCVE-0-2022-41916)

    Vulnerability from cvelistv5 – Published: 2022-11-15 00:00 – Updated: 2025-04-23 16:37
    VLAI
    Title
    Read one byte past a buffer when normalizing Unicode
    Summary
    Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    heimdal heimdal Affected: < 7.7.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:56:38.394Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx"
              },
              {
                "name": "DSA-5287",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5287"
              },
              {
                "name": "[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
              },
              {
                "name": "GLSA-202310-06",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202310-06"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-41916",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T13:54:33.510262Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-23T16:37:26.786Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "heimdal",
              "vendor": "heimdal",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.7.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal\u0027s PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal\u0027s libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-193",
                  "description": "CWE-193: Off-by-one Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-08T08:06:36.676Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx"
            },
            {
              "name": "DSA-5287",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5287"
            },
            {
              "name": "[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
            },
            {
              "name": "GLSA-202310-06",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202310-06"
            }
          ],
          "source": {
            "advisory": "GHSA-mgqr-gvh6-23cx",
            "discovery": "UNKNOWN"
          },
          "title": "Read one byte past a buffer when normalizing Unicode"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2022-41916",
        "datePublished": "2022-11-15T00:00:00.000Z",
        "dateReserved": "2022-09-30T00:00:00.000Z",
        "dateUpdated": "2025-04-23T16:37:26.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-16860 (GCVE-0-2018-16860)

    Vulnerability from cvelistv5 – Published: 2019-07-31 14:38 – Updated: 2024-08-05 10:32
    VLAI
    Summary
    A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal.
    CWE
    Assigner
    References
    URL Tags
    https://www.synology.com/security/advisory/Synolo… x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… x_refsource_CONFIRM
    https://www.samba.org/samba/security/CVE-2018-168… x_refsource_MISC
    https://seclists.org/bugtraq/2019/Aug/25 mailing-listx_refsource_BUGTRAQ
    https://seclists.org/bugtraq/2019/Aug/22 mailing-listx_refsource_BUGTRAQ
    https://seclists.org/bugtraq/2019/Aug/23 mailing-listx_refsource_BUGTRAQ
    https://seclists.org/bugtraq/2019/Aug/21 mailing-listx_refsource_BUGTRAQ
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://seclists.org/fulldisclosure/2019/Aug/14 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/Aug/11 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/Aug/13 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/Aug/15 mailing-listx_refsource_FULLDISC
    https://support.apple.com/HT210346 x_refsource_CONFIRM
    https://support.apple.com/HT210348 x_refsource_CONFIRM
    https://support.apple.com/HT210351 x_refsource_CONFIRM
    https://support.apple.com/HT210353 x_refsource_CONFIRM
    https://security.gentoo.org/glsa/202003-52 vendor-advisoryx_refsource_GENTOO
    Impacted products
    Vendor Product Version
    SAMBA samba Affected: 4.8.x up to, excluding 4.8.12
    Affected: 4.9.x up to, excluding 4.9.8
    Affected: 4.10.x up to, excluding 4.10.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:32:54.113Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/security/advisory/Synology_SA_19_23"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16860"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.samba.org/samba/security/CVE-2018-16860.html"
              },
              {
                "name": "20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Aug/25"
              },
              {
                "name": "20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Aug/22"
              },
              {
                "name": "20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Aug/23"
              },
              {
                "name": "20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Aug/21"
              },
              {
                "name": "openSUSE-SU-2019:1888",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT210346"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT210348"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT210351"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT210353"
              },
              {
                "name": "GLSA-202003-52",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202003-52"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "samba",
              "vendor": "SAMBA",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.8.x up to, excluding 4.8.12"
                },
                {
                  "status": "affected",
                  "version": "4.9.x up to, excluding 4.9.8"
                },
                {
                  "status": "affected",
                  "version": "4.10.x up to, excluding 4.10.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in samba\u0027s Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-358",
                  "description": "CWE-358",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-25T18:06:17.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_23"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16860"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.samba.org/samba/security/CVE-2018-16860.html"
            },
            {
              "name": "20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Aug/25"
            },
            {
              "name": "20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Aug/22"
            },
            {
              "name": "20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Aug/23"
            },
            {
              "name": "20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Aug/21"
            },
            {
              "name": "openSUSE-SU-2019:1888",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT210346"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT210348"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT210351"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT210353"
            },
            {
              "name": "GLSA-202003-52",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202003-52"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2018-16860",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "samba",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.8.x up to, excluding 4.8.12"
                              },
                              {
                                "version_value": "4.9.x up to, excluding 4.9.8"
                              },
                              {
                                "version_value": "4.10.x up to, excluding 4.10.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAMBA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A flaw was found in samba\u0027s Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "version": "3.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-358"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.synology.com/security/advisory/Synology_SA_19_23",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/security/advisory/Synology_SA_19_23"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16860",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16860"
                },
                {
                  "name": "https://www.samba.org/samba/security/CVE-2018-16860.html",
                  "refsource": "MISC",
                  "url": "https://www.samba.org/samba/security/CVE-2018-16860.html"
                },
                {
                  "name": "20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Aug/25"
                },
                {
                  "name": "20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Aug/22"
                },
                {
                  "name": "20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Aug/23"
                },
                {
                  "name": "20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Aug/21"
                },
                {
                  "name": "openSUSE-SU-2019:1888",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
                },
                {
                  "name": "https://support.apple.com/HT210346",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT210346"
                },
                {
                  "name": "https://support.apple.com/HT210348",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT210348"
                },
                {
                  "name": "https://support.apple.com/HT210351",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT210351"
                },
                {
                  "name": "https://support.apple.com/HT210353",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT210353"
                },
                {
                  "name": "GLSA-202003-52",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202003-52"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2018-16860",
        "datePublished": "2019-07-31T14:38:36.000Z",
        "dateReserved": "2018-09-11T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:32:54.113Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-12098 (GCVE-0-2019-12098)

    Vulnerability from cvelistv5 – Published: 2019-05-15 22:41 – Updated: 2026-04-15 20:49
    VLAI
    Summary
    In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-295 - Improper Certificate Validation
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:10:30.560Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.6.0"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.h5l.org/pipermail/heimdal-announce/2019-May/000009.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/heimdal/heimdal/commit/2f7f3d9960aa6ea21358bdf3687cee5149aa35cf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/heimdal/heimdal/compare/3e58559...bbafe72"
              },
              {
                "name": "20190603 [SECURITY] [DSA 4455-1] heimdal security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Jun/1"
              },
              {
                "name": "DSA-4455",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4455"
              },
              {
                "name": "openSUSE-SU-2019:1682",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00002.html"
              },
              {
                "name": "openSUSE-SU-2019:1688",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00003.html"
              },
              {
                "name": "openSUSE-SU-2019:1888",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html"
              },
              {
                "name": "FEDORA-2019-f3046b6bfb",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIXEDVVMPD6ZAJSMI2EZ7FNEIVNWE5PD/"
              },
              {
                "name": "FEDORA-2019-2fa7d6405b",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLXXIF4LOQEAEDAF4UGP2AO6WDNTDFUB/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-12098",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-15T20:49:17.967235Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-295",
                    "description": "CWE-295 Improper Certificate Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-15T20:49:22.320Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-04T23:06:04.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.6.0"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.h5l.org/pipermail/heimdal-announce/2019-May/000009.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/heimdal/heimdal/commit/2f7f3d9960aa6ea21358bdf3687cee5149aa35cf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/heimdal/heimdal/compare/3e58559...bbafe72"
            },
            {
              "name": "20190603 [SECURITY] [DSA 4455-1] heimdal security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Jun/1"
            },
            {
              "name": "DSA-4455",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4455"
            },
            {
              "name": "openSUSE-SU-2019:1682",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00002.html"
            },
            {
              "name": "openSUSE-SU-2019:1688",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00003.html"
            },
            {
              "name": "openSUSE-SU-2019:1888",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html"
            },
            {
              "name": "FEDORA-2019-f3046b6bfb",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIXEDVVMPD6ZAJSMI2EZ7FNEIVNWE5PD/"
            },
            {
              "name": "FEDORA-2019-2fa7d6405b",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLXXIF4LOQEAEDAF4UGP2AO6WDNTDFUB/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-12098",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.6.0",
                  "refsource": "MISC",
                  "url": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.6.0"
                },
                {
                  "name": "http://www.h5l.org/pipermail/heimdal-announce/2019-May/000009.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.h5l.org/pipermail/heimdal-announce/2019-May/000009.html"
                },
                {
                  "name": "https://github.com/heimdal/heimdal/commit/2f7f3d9960aa6ea21358bdf3687cee5149aa35cf",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/heimdal/heimdal/commit/2f7f3d9960aa6ea21358bdf3687cee5149aa35cf"
                },
                {
                  "name": "https://github.com/heimdal/heimdal/compare/3e58559...bbafe72",
                  "refsource": "MISC",
                  "url": "https://github.com/heimdal/heimdal/compare/3e58559...bbafe72"
                },
                {
                  "name": "20190603 [SECURITY] [DSA 4455-1] heimdal security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Jun/1"
                },
                {
                  "name": "DSA-4455",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2019/dsa-4455"
                },
                {
                  "name": "openSUSE-SU-2019:1682",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00002.html"
                },
                {
                  "name": "openSUSE-SU-2019:1688",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00003.html"
                },
                {
                  "name": "openSUSE-SU-2019:1888",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html"
                },
                {
                  "name": "FEDORA-2019-f3046b6bfb",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIXEDVVMPD6ZAJSMI2EZ7FNEIVNWE5PD/"
                },
                {
                  "name": "FEDORA-2019-2fa7d6405b",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLXXIF4LOQEAEDAF4UGP2AO6WDNTDFUB/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-12098",
        "datePublished": "2019-05-15T22:41:11.000Z",
        "dateReserved": "2019-05-14T00:00:00.000Z",
        "dateUpdated": "2026-04-15T20:49:22.320Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2017-17439 (GCVE-0-2017-17439)

    Vulnerability from cvelistv5 – Published: 2017-12-06 15:00 – Updated: 2024-08-05 20:51
    VLAI
    Summary
    In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2017-12-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:51:31.511Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/heimdal/heimdal/issues/353"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://h5l.org/advisories.html?show=2017-12-08"
              },
              {
                "name": "DSA-4055",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2017/dsa-4055"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-12-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-29T23:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/heimdal/heimdal/issues/353"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://h5l.org/advisories.html?show=2017-12-08"
            },
            {
              "name": "DSA-4055",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2017/dsa-4055"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-17439",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144"
                },
                {
                  "name": "https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887"
                },
                {
                  "name": "http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html"
                },
                {
                  "name": "http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html",
                  "refsource": "MISC",
                  "url": "http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html"
                },
                {
                  "name": "https://github.com/heimdal/heimdal/issues/353",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/heimdal/heimdal/issues/353"
                },
                {
                  "name": "http://h5l.org/advisories.html?show=2017-12-08",
                  "refsource": "CONFIRM",
                  "url": "http://h5l.org/advisories.html?show=2017-12-08"
                },
                {
                  "name": "DSA-4055",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2017/dsa-4055"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-17439",
        "datePublished": "2017-12-06T15:00:00.000Z",
        "dateReserved": "2017-12-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T20:51:31.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6594 (GCVE-0-2017-6594)

    Vulnerability from cvelistv5 – Published: 2017-08-28 19:00 – Updated: 2024-08-05 15:33
    VLAI
    Summary
    The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2017-04-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:33:20.475Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.3.0"
              },
              {
                "name": "openSUSE-SU-2017:2180",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2017-08/msg00062.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.h5l.org/advisories.html?show=2017-04-13"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.3.0"
            },
            {
              "name": "openSUSE-SU-2017:2180",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2017-08/msg00062.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.h5l.org/advisories.html?show=2017-04-13"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-6594",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.3.0",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.3.0"
                },
                {
                  "name": "openSUSE-SU-2017:2180",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2017-08/msg00062.html"
                },
                {
                  "name": "http://www.h5l.org/advisories.html?show=2017-04-13",
                  "refsource": "CONFIRM",
                  "url": "http://www.h5l.org/advisories.html?show=2017-04-13"
                },
                {
                  "name": "https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-6594",
        "datePublished": "2017-08-28T19:00:00.000Z",
        "dateReserved": "2017-03-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T15:33:20.475Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11103 (GCVE-0-2017-11103)

    Vulnerability from cvelistv5 – Published: 2017-07-13 13:00 – Updated: 2024-08-05 17:57
    VLAI
    Summary
    Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2017-07-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:57:57.836Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT208221"
              },
              {
                "name": "DSA-3912",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2017/dsa-3912"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT208144"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.orpheus-lyre.info/"
              },
              {
                "name": "FreeBSD-SA-17:05",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:05.heimdal.asc"
              },
              {
                "name": "99551",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99551"
              },
              {
                "name": "1039427",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039427"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.samba.org/samba/security/CVE-2017-11103.html"
              },
              {
                "name": "1038876",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038876"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT208112"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.h5l.org/advisories.html?show=2017-07-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-07-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus\u0027 Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in \u0027enc_part\u0027 instead of the unencrypted version stored in \u0027ticket\u0027. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-20T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT208221"
            },
            {
              "name": "DSA-3912",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3912"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT208144"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.orpheus-lyre.info/"
            },
            {
              "name": "FreeBSD-SA-17:05",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:05.heimdal.asc"
            },
            {
              "name": "99551",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99551"
            },
            {
              "name": "1039427",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039427"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.samba.org/samba/security/CVE-2017-11103.html"
            },
            {
              "name": "1038876",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038876"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT208112"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.h5l.org/advisories.html?show=2017-07-11"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-11103",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus\u0027 Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in \u0027enc_part\u0027 instead of the unencrypted version stored in \u0027ticket\u0027. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.apple.com/HT208221",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT208221"
                },
                {
                  "name": "DSA-3912",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2017/dsa-3912"
                },
                {
                  "name": "https://support.apple.com/HT208144",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT208144"
                },
                {
                  "name": "https://www.orpheus-lyre.info/",
                  "refsource": "MISC",
                  "url": "https://www.orpheus-lyre.info/"
                },
                {
                  "name": "FreeBSD-SA-17:05",
                  "refsource": "FREEBSD",
                  "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:05.heimdal.asc"
                },
                {
                  "name": "99551",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99551"
                },
                {
                  "name": "1039427",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039427"
                },
                {
                  "name": "https://www.samba.org/samba/security/CVE-2017-11103.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.samba.org/samba/security/CVE-2017-11103.html"
                },
                {
                  "name": "1038876",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038876"
                },
                {
                  "name": "https://support.apple.com/HT208112",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT208112"
                },
                {
                  "name": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0"
                },
                {
                  "name": "http://www.h5l.org/advisories.html?show=2017-07-11",
                  "refsource": "CONFIRM",
                  "url": "http://www.h5l.org/advisories.html?show=2017-07-11"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-11103",
        "datePublished": "2017-07-13T13:00:00.000Z",
        "dateReserved": "2017-07-07T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:57:57.836Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-4862 (GCVE-0-2011-4862)

    Vulnerability from cvelistv5 – Published: 2011-12-25 01:00 – Updated: 2024-08-07 00:16
    VLAI KEVIntel
    Summary
    Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/47399 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2011/dsa-2375 vendor-advisoryx_refsource_DEBIAN
    http://www.redhat.com/support/errata/RHSA-2011-18… vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
    http://www.debian.org/security/2011/dsa-2372 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/47359 third-party-advisoryx_refsource_SECUNIA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.freebsd.org/pipermail/freebsd-securi… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/47374 third-party-advisoryx_refsource_SECUNIA
    http://lists.freebsd.org/pipermail/freebsd-securi… mailing-listx_refsource_MLIST
    http://security.freebsd.org/advisories/FreeBSD-SA… vendor-advisoryx_refsource_FREEBSD
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://osvdb.org/78020 vdb-entryx_refsource_OSVDB
    http://www.securitytracker.com/id?1026463 vdb-entryx_refsource_SECTRACK
    http://lists.freebsd.org/pipermail/freebsd-securi… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/47341 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2011-18… vendor-advisoryx_refsource_REDHAT
    http://www.redhat.com/support/errata/RHSA-2011-18… vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://security.freebsd.org/patches/SA-11:08/teln… x_refsource_CONFIRM
    http://secunia.com/advisories/47357 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/46239 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/47397 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/47373 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.freebsd.org/pipermail/freebsd-securi… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/47441 third-party-advisoryx_refsource_SECUNIA
    http://git.savannah.gnu.org/cgit/inetutils.git/co… x_refsource_CONFIRM
    http://web.mit.edu/kerberos/www/advisories/MITKRB… x_refsource_CONFIRM
    http://www.redhat.com/support/errata/RHSA-2011-18… vendor-advisoryx_refsource_REDHAT
    http://www.exploit-db.com/exploits/18280/ exploitx_refsource_EXPLOIT-DB
    http://secunia.com/advisories/47348 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1026460 vdb-entryx_refsource_SECTRACK
    http://www.debian.org/security/2011/dsa-2373 vendor-advisoryx_refsource_DEBIAN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2011-12-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:16:35.035Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2012:0042",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"
              },
              {
                "name": "47399",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47399"
              },
              {
                "name": "DSA-2375",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2375"
              },
              {
                "name": "RHSA-2011:1854",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-1854.html"
              },
              {
                "name": "SUSE-SU-2012:0018",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html"
              },
              {
                "name": "20111226 MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862]",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html"
              },
              {
                "name": "DSA-2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2372"
              },
              {
                "name": "47359",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47359"
              },
              {
                "name": "FEDORA-2011-17493",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html"
              },
              {
                "name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html"
              },
              {
                "name": "47374",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47374"
              },
              {
                "name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html"
              },
              {
                "name": "FreeBSD-SA-11:08",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc"
              },
              {
                "name": "openSUSE-SU-2012:0019",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html"
              },
              {
                "name": "FEDORA-2011-17492",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html"
              },
              {
                "name": "MDVSA-2011:195",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:195"
              },
              {
                "name": "SUSE-SU-2012:0024",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html"
              },
              {
                "name": "SUSE-SU-2012:0050",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html"
              },
              {
                "name": "78020",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/78020"
              },
              {
                "name": "1026463",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1026463"
              },
              {
                "name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html"
              },
              {
                "name": "47341",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47341"
              },
              {
                "name": "RHSA-2011:1852",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-1852.html"
              },
              {
                "name": "RHSA-2011:1853",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-1853.html"
              },
              {
                "name": "openSUSE-SU-2012:0051",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://security.freebsd.org/patches/SA-11:08/telnetd.patch"
              },
              {
                "name": "47357",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47357"
              },
              {
                "name": "46239",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46239"
              },
              {
                "name": "SUSE-SU-2012:0010",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"
              },
              {
                "name": "47397",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47397"
              },
              {
                "name": "47373",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47373"
              },
              {
                "name": "SUSE-SU-2012:0056",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html"
              },
              {
                "name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html"
              },
              {
                "name": "47441",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47441"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt"
              },
              {
                "name": "RHSA-2011:1851",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-1851.html"
              },
              {
                "name": "18280",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/18280/"
              },
              {
                "name": "47348",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47348"
              },
              {
                "name": "1026460",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1026460"
              },
              {
                "name": "DSA-2373",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2373"
              },
              {
                "name": "multiple-telnetd-bo(71970)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71970"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-12-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
            "shortName": "freebsd"
          },
          "references": [
            {
              "name": "SUSE-SU-2012:0042",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"
            },
            {
              "name": "47399",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47399"
            },
            {
              "name": "DSA-2375",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2375"
            },
            {
              "name": "RHSA-2011:1854",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1854.html"
            },
            {
              "name": "SUSE-SU-2012:0018",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html"
            },
            {
              "name": "20111226 MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862]",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html"
            },
            {
              "name": "DSA-2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2372"
            },
            {
              "name": "47359",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47359"
            },
            {
              "name": "FEDORA-2011-17493",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html"
            },
            {
              "name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html"
            },
            {
              "name": "47374",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47374"
            },
            {
              "name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html"
            },
            {
              "name": "FreeBSD-SA-11:08",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc"
            },
            {
              "name": "openSUSE-SU-2012:0019",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html"
            },
            {
              "name": "FEDORA-2011-17492",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html"
            },
            {
              "name": "MDVSA-2011:195",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:195"
            },
            {
              "name": "SUSE-SU-2012:0024",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html"
            },
            {
              "name": "SUSE-SU-2012:0050",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html"
            },
            {
              "name": "78020",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/78020"
            },
            {
              "name": "1026463",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1026463"
            },
            {
              "name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html"
            },
            {
              "name": "47341",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47341"
            },
            {
              "name": "RHSA-2011:1852",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1852.html"
            },
            {
              "name": "RHSA-2011:1853",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1853.html"
            },
            {
              "name": "openSUSE-SU-2012:0051",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://security.freebsd.org/patches/SA-11:08/telnetd.patch"
            },
            {
              "name": "47357",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47357"
            },
            {
              "name": "46239",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46239"
            },
            {
              "name": "SUSE-SU-2012:0010",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"
            },
            {
              "name": "47397",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47397"
            },
            {
              "name": "47373",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47373"
            },
            {
              "name": "SUSE-SU-2012:0056",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html"
            },
            {
              "name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html"
            },
            {
              "name": "47441",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47441"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt"
            },
            {
              "name": "RHSA-2011:1851",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1851.html"
            },
            {
              "name": "18280",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/18280/"
            },
            {
              "name": "47348",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47348"
            },
            {
              "name": "1026460",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1026460"
            },
            {
              "name": "DSA-2373",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2373"
            },
            {
              "name": "multiple-telnetd-bo(71970)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71970"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secteam@freebsd.org",
              "ID": "CVE-2011-4862",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2012:0042",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"
                },
                {
                  "name": "47399",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47399"
                },
                {
                  "name": "DSA-2375",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2375"
                },
                {
                  "name": "RHSA-2011:1854",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2011-1854.html"
                },
                {
                  "name": "SUSE-SU-2012:0018",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html"
                },
                {
                  "name": "20111226 MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862]",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html"
                },
                {
                  "name": "DSA-2372",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2372"
                },
                {
                  "name": "47359",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47359"
                },
                {
                  "name": "FEDORA-2011-17493",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html"
                },
                {
                  "name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
                  "refsource": "MLIST",
                  "url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html"
                },
                {
                  "name": "47374",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47374"
                },
                {
                  "name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
                  "refsource": "MLIST",
                  "url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html"
                },
                {
                  "name": "FreeBSD-SA-11:08",
                  "refsource": "FREEBSD",
                  "url": "http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc"
                },
                {
                  "name": "openSUSE-SU-2012:0019",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html"
                },
                {
                  "name": "FEDORA-2011-17492",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html"
                },
                {
                  "name": "MDVSA-2011:195",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:195"
                },
                {
                  "name": "SUSE-SU-2012:0024",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html"
                },
                {
                  "name": "SUSE-SU-2012:0050",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html"
                },
                {
                  "name": "78020",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/78020"
                },
                {
                  "name": "1026463",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1026463"
                },
                {
                  "name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
                  "refsource": "MLIST",
                  "url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html"
                },
                {
                  "name": "47341",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47341"
                },
                {
                  "name": "RHSA-2011:1852",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2011-1852.html"
                },
                {
                  "name": "RHSA-2011:1853",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2011-1853.html"
                },
                {
                  "name": "openSUSE-SU-2012:0051",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html"
                },
                {
                  "name": "http://security.freebsd.org/patches/SA-11:08/telnetd.patch",
                  "refsource": "CONFIRM",
                  "url": "http://security.freebsd.org/patches/SA-11:08/telnetd.patch"
                },
                {
                  "name": "47357",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47357"
                },
                {
                  "name": "46239",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/46239"
                },
                {
                  "name": "SUSE-SU-2012:0010",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"
                },
                {
                  "name": "47397",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47397"
                },
                {
                  "name": "47373",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47373"
                },
                {
                  "name": "SUSE-SU-2012:0056",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html"
                },
                {
                  "name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
                  "refsource": "MLIST",
                  "url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html"
                },
                {
                  "name": "47441",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47441"
                },
                {
                  "name": "http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592",
                  "refsource": "CONFIRM",
                  "url": "http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592"
                },
                {
                  "name": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt",
                  "refsource": "CONFIRM",
                  "url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt"
                },
                {
                  "name": "RHSA-2011:1851",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2011-1851.html"
                },
                {
                  "name": "18280",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/18280/"
                },
                {
                  "name": "47348",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47348"
                },
                {
                  "name": "1026460",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1026460"
                },
                {
                  "name": "DSA-2373",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2373"
                },
                {
                  "name": "multiple-telnetd-bo(71970)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71970"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
        "assignerShortName": "freebsd",
        "cveId": "CVE-2011-4862",
        "datePublished": "2011-12-25T01:00:00.000Z",
        "dateReserved": "2011-12-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:16:35.035Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0434 (GCVE-0-2004-0434)

    Vulnerability from cvelistv5 – Published: 2004-05-12 04:00 – Updated: 2024-08-08 00:17
    VLAI
    Summary
    k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.debian.org/security/2004/dsa-504 vendor-advisoryx_refsource_DEBIAN
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    http://marc.info/?l=bugtraq&m=108386148126457&w=2 mailing-listx_refsource_BUGTRAQ
    http://security.gentoo.org/glsa/glsa-200405-23.xml vendor-advisoryx_refsource_GENTOO
    ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories… vendor-advisoryx_refsource_FREEBSD
    Date Public
    2004-05-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:17:14.980Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "heimdal-kadmind-bo(16071)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16071"
              },
              {
                "name": "DSA-504",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2004/dsa-504"
              },
              {
                "name": "20040506 Advisory: Heimdal kadmind version4 remote heap overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020998.html"
              },
              {
                "name": "20040505 Advisory: Heimdal kadmind version4 remote heap overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108386148126457\u0026w=2"
              },
              {
                "name": "GLSA-200405-23",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200405-23.xml"
              },
              {
                "name": "FreeBSD-SA-04:09",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:09.kadmind.asc"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-05-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "heimdal-kadmind-bo(16071)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16071"
            },
            {
              "name": "DSA-504",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2004/dsa-504"
            },
            {
              "name": "20040506 Advisory: Heimdal kadmind version4 remote heap overflow",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020998.html"
            },
            {
              "name": "20040505 Advisory: Heimdal kadmind version4 remote heap overflow",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108386148126457\u0026w=2"
            },
            {
              "name": "GLSA-200405-23",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200405-23.xml"
            },
            {
              "name": "FreeBSD-SA-04:09",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:09.kadmind.asc"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0434",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "heimdal-kadmind-bo(16071)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16071"
                },
                {
                  "name": "DSA-504",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2004/dsa-504"
                },
                {
                  "name": "20040506 Advisory: Heimdal kadmind version4 remote heap overflow",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020998.html"
                },
                {
                  "name": "20040505 Advisory: Heimdal kadmind version4 remote heap overflow",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108386148126457\u0026w=2"
                },
                {
                  "name": "GLSA-200405-23",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200405-23.xml"
                },
                {
                  "name": "FreeBSD-SA-04:09",
                  "refsource": "FREEBSD",
                  "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:09.kadmind.asc"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0434",
        "datePublished": "2004-05-12T04:00:00.000Z",
        "dateReserved": "2004-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:17:14.980Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }