9.8

CVE-2022-44640

Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Heimdal ProjectHeimdal Version < 7.7.1
SambaSamba Version >= 4.15.0 < 4.15.3
SambaSamba Version >= 4.16.0 < 4.16.8
SambaSamba Version >= 4.17.0 < 4.17.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.84% 0.763
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-415 Double Free

The product calls free() twice on the same memory address.

https://security.gentoo.org/glsa/202310-06
https://security.netapp.com/advisory/ntap-20230216-0008/
Third Party Advisory
https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4
Third Party Advisory