CVE-2022-45142
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-45142
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45142.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-45142
- Related
- Published
- 2023-03-06T23:15:11Z
- Modified
- 2024-12-05T15:34:17.144079Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted.
- References
Affected packages
Alpine:v3.14 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.7.1-r1
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
7.4.0-r2
7.5.0-r0
7.5.0-r1
7.5.0-r2
7.5.0-r3
7.5.0-r4
7.7.0-r0
7.7.0-r1
7.7.0-r2
7.7.0-r3
7.7.0-r4
7.7.1-r0
Alpine:v3.15 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.7.1-r0
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
7.4.0-r2
7.5.0-r0
7.5.0-r1
7.5.0-r2
7.5.0-r3
7.5.0-r4
7.7.0-r0
7.7.0-r1
7.7.0-r2
7.7.0-r3
7.7.0-r4
7.7.0-r5
7.7.0-r6
7.7.0-r7
7.7.0-r8
Alpine:v3.16 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.7.1-r0
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
7.4.0-r2
7.5.0-r0
7.5.0-r1
7.5.0-r2
7.5.0-r3
7.5.0-r4
7.7.0-r0
7.7.0-r1
7.7.0-r2
7.7.0-r3
7.7.0-r4
7.7.0-r5
7.7.0-r6
7.7.0-r7
7.7.0-r8
Alpine:v3.17 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.8.0-r1
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
7.4.0-r2
7.5.0-r0
7.5.0-r1
7.5.0-r2
7.5.0-r3
7.5.0-r4
7.7.0-r0
7.7.0-r1
7.7.0-r2
7.7.0-r3
7.7.0-r4
7.7.0-r5
7.7.0-r6
7.7.0-r7
7.7.0-r8
7.7.1-r0
7.8.0-r0
Alpine:v3.18 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.8.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
7.4.0-r2
7.5.0-r0
7.5.0-r1
7.5.0-r2
7.5.0-r3
7.5.0-r4
7.7.0-r0
7.7.0-r1
7.7.0-r2
7.7.0-r3
7.7.0-r4
7.7.0-r5
7.7.0-r6
7.7.0-r7
7.7.0-r8
7.7.1-r0
7.8.0-r0
7.8.0-r1
Alpine:v3.19 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.8.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
7.4.0-r2
7.5.0-r0
7.5.0-r1
7.5.0-r2
7.5.0-r3
7.5.0-r4
7.7.0-r0
7.7.0-r1
7.7.0-r2
7.7.0-r3
7.7.0-r4
7.7.0-r5
7.7.0-r6
7.7.0-r7
7.7.0-r8
7.7.1-r0
7.8.0-r0
7.8.0-r1
Alpine:v3.20 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.8.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
7.4.0-r2
7.5.0-r0
7.5.0-r1
7.5.0-r2
7.5.0-r3
7.5.0-r4
7.7.0-r0
7.7.0-r1
7.7.0-r2
7.7.0-r3
7.7.0-r4
7.7.0-r5
7.7.0-r6
7.7.0-r7
7.7.0-r8
7.7.1-r0
7.8.0-r0
7.8.0-r1
Alpine:v3.21 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:apk/alpine/heimdal?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.8.0-r2
Affected versions
1.*
1.2.1-r0
1.2.1-r1
1.2.1-r2
1.2.1-r3
1.2.1-r4
1.3.1-r0
1.3.1-r1
1.3.1-r2
1.3.1-r3
1.3.1-r4
1.3.1-r5
1.3.3-r0
1.4-r0
1.4-r1
1.4-r2
1.4-r3
1.4-r4
1.4-r5
1.4-r6
1.4-r7
1.4-r8
1.4-r9
1.4-r10
1.4-r11
1.5-r2
1.5.2-r3
1.5.2-r4
1.5.2-r5
1.5.2-r6
1.5.2-r7
1.5.2-r8
1.5.3-r0
1.5.3-r1
1.6_rc2-r1
1.6_rc2-r2
1.6_rc2-r3
1.6_rc2-r4
1.6_rc2-r5
7.*
7.1.0-r0
7.1.0-r1
7.4.0-r0
7.4.0-r1
7.4.0-r2
7.5.0-r0
7.5.0-r1
7.5.0-r2
7.5.0-r3
7.5.0-r4
7.7.0-r0
7.7.0-r1
7.7.0-r2
7.7.0-r3
7.7.0-r4
7.7.0-r5
7.7.0-r6
7.7.0-r7
7.7.0-r8
7.7.1-r0
7.8.0-r0
7.8.0-r1
Debian:11 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:deb/debian/heimdal?arch=source
Debian:12 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:deb/debian/heimdal?arch=source
Debian:13 / heimdal
Package
- Name
- heimdal
- Purl
- pkg:deb/debian/heimdal?arch=source
Git / github.com/heimdal/heimdal
Affected ranges
- Type
- GIT
- Repo
- https://github.com/heimdal/heimdal
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affected
Affected versions
Other
git2svn-syncpoint-master
switch-from-svn-to-git
heimdal-1.*
heimdal-1.3.0pre1
heimdal-1.3.0pre10
heimdal-1.3.0pre11
heimdal-1.3.0pre3
heimdal-1.3.0pre4
heimdal-1.3.0pre5
heimdal-1.3.0pre6
heimdal-1.3.0pre7
heimdal-1.3.0pre8
heimdal-1.3.0pre9
heimdal-1.3.0rc1
heimdal-1.5pre1
heimdal-1.5pre2
heimdal-7.*
heimdal-7.0.1
heimdal-7.0.2
heimdal-7.0.3
heimdal-7.1.0
heimdal-7.1rc1
heimdal-7.2.0
heimdal-7.3.0
heimdal-7.4.0
heimdal-7.5.0
heimdal-7.6.0
heimdal-7.7.0
heimdal-7.7.1
heimdal-7.8.0
upstream-1.*
upstream-1.4.0+git20101228.dfsg.1
upstream-1.4.0+git20110220.dfsg.1