CVE-2022-41916
- Source
- https://cve.org/CVERecord?id=CVE-2022-41916
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41916.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-41916
- Aliases
-
- GHSA-mgqr-gvh6-23cx
- Downstream
- Related
- Published
- 2022-11-15T00:00:00Z
- Modified
- 2026-04-02T08:18:17.124296Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Read one byte past a buffer when normalizing Unicode
- Details
-
Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/41xxx/CVE-2022-41916.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-193" ] }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/41xxx/CVE-2022-41916.json
- https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx
- https://nvd.nist.gov/vuln/detail/CVE-2022-41916
- https://security.gentoo.org/glsa/202310-06
- https://security.netapp.com/advisory/ntap-20230216-0008/
- https://www.debian.org/security/2022/dsa-5287
- https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html
Affected packages
Git / github.com/heimdal/heimdal
Affected ranges
- Type
- GIT
- Repo
- https://github.com/heimdal/heimdal
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
elric_sig_20111129131746
elric_sig_20111129135520
elric_sig_20120110220232
elric_sig_20120118160826
elric_sig_20120127210158
elric_sig_20120215093216
elric_sig_20120220002021
elric_sig_20120225214124
elric_sig_20120228113419
elric_sig_20120306233424
elric_sig_20120307115043
elric_sig_20120522230313
git2svn-syncpoint-heimdal-1-1-branch
git2svn-syncpoint-master
switch-from-svn-to-git
heimdal-0.*
heimdal-0.0j
heimdal-0.0k
heimdal-0.0l
heimdal-0.0m
heimdal-0.0n
heimdal-0.0o
heimdal-0.0p
heimdal-0.0q
heimdal-0.0r
heimdal-0.0s
heimdal-0.0t
heimdal-0.0u
heimdal-0.1a
heimdal-0.1b
heimdal-0.1c
heimdal-0.1d
heimdal-0.1e
heimdal-0.1f
heimdal-0.1g
heimdal-0.1h
heimdal-0.1i
heimdal-0.1j
heimdal-0.1k
heimdal-0.1l
heimdal-0.1m
heimdal-0.2a
heimdal-0.2b
heimdal-0.2c
heimdal-0.2d
heimdal-0.2e
heimdal-0.2f
heimdal-0.2g
heimdal-0.2h
heimdal-0.2i
heimdal-0.2j
heimdal-0.2k
heimdal-0.2l
heimdal-0.2m
heimdal-0.2n
heimdal-0.2o
heimdal-0.2p
heimdal-0.2q
heimdal-0.2r
heimdal-0.2s
heimdal-0.2t
heimdal-0.3a
heimdal-0.3b
heimdal-0.3c
heimdal-0.3d
heimdal-0.3e
heimdal-0.3f
heimdal-0.4.d
heimdal-0.4.e
heimdal-0.4.f
heimdal-0.4a
heimdal-0.4b
heimdal-0.4c
heimdal-0.5
heimdal-0.5.1
heimdal-0.5.2
heimdal-0.5.3
heimdal-0.6
heimdal-0.6.1
heimdal-0.6.2
heimdal-0.6.3
heimdal-0.6.4
heimdal-0.6.5
heimdal-0.6.6
heimdal-0.7
heimdal-0.7.1
heimdal-0.7.2
heimdal-0.8
heimdal-0.8.1
heimdal-0.9rc1
heimdal-1.*
heimdal-1.0
heimdal-1.0.1
heimdal-1.0.2
heimdal-1.1
heimdal-1.2
heimdal-1.2.1
heimdal-1.3.0
heimdal-1.3.0pre1
heimdal-1.3.0pre10
heimdal-1.3.0pre11
heimdal-1.3.0pre2
heimdal-1.3.0pre3
heimdal-1.3.0pre4
heimdal-1.3.0pre5
heimdal-1.3.0pre6
heimdal-1.3.0pre7
heimdal-1.3.0pre8
heimdal-1.3.0pre9
heimdal-1.3.0rc1
heimdal-1.3.1
heimdal-1.3.1rc1
heimdal-1.3.2
heimdal-1.3.2rc1
heimdal-1.3.2rc2
heimdal-1.3.2rc3
heimdal-1.3.2rc4
heimdal-1.3.3
heimdal-1.3.3rc1
heimdal-1.4
heimdal-1.4.1rc1
heimdal-1.4.1rc2
heimdal-1.5
heimdal-1.5.1
heimdal-1.5.2
heimdal-1.5.3
heimdal-1.5pre1
heimdal-1.5pre2
heimdal-1.5rc1
heimdal-1.6rc1
heimdal-1.6rc2
heimdal-7.*
heimdal-7.0.1
heimdal-7.0.2
heimdal-7.0.3
heimdal-7.1.0
heimdal-7.1rc1
heimdal-7.2.0
heimdal-7.3.0
heimdal-7.4.0
heimdal-7.5.0
heimdal-7.6.0
heimdal-7.7.0
heimdal-7.8.0
upstream-1.*
upstream-1.4.0+git20101228.dfsg.1
upstream-1.4.0+git20110220.dfsg.1
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41916.json"
vanir_signatures
[
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"185684756605390238103334007784352789624",
"7131579695216385856922531758292910060",
"96067565823201056646313325968740529266",
"307324062224806380958204996069287421659"
],
"threshold": 0.9
},
"source": "https://github.com/heimdal/heimdal/commit/78077c39e355766221383ee48c8b9be0459a82a4",
"id": "CVE-2022-41916-7e74d481",
"target": {
"file": "include/bits.c"
}
}
]