CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-45142

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 19.3%

CVSS Severity

CVSS v3 Score 7.5

References

https://security.gentoo.org/glsa/202310-06
https://www.openwall.com/lists/oss-security/2023/02/08/1
https://security.gentoo.org/glsa/202310-06
https://www.openwall.com/lists/oss-security/2023/02/08/1

Products affected by CVE-2022-45142

Heimdal Project » Heimdal » Version: 7.7.1

cpe:2.3:a:heimdal_project:heimdal:7.7.1
Heimdal Project » Heimdal » Version: 7.8.0

cpe:2.3:a:heimdal_project:heimdal:7.8.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-45142

Products

Pricing

Contact Us