CVE-2022-41916

HIGH Year: 2022
CVSS v3 Score
7.5
High
Weakness Type
CWE-193
View all →

Vulnerability Description

Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.

Related Vulnerabilities

CVE-1999-1568

HIGH
CVSS:7.5(High)

Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command.

CWE-1931999

CVE-2002-1721

HIGH
CVSS:7.5(High)

Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote attackers to cause a denial of service (crash) via an x-header that causes snprintf overwrite the FFGET_FILE variable with a (null) byte.

CWE-1932002

CVE-2002-1745

HIGH
CVSS:7.5(High)

Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, ...

CWE-1932002

CVE-2003-0625

HIGH
CVSS:7.5(High)

Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the ser...

CWE-1932003

CVE-2006-4574

HIGH
CVSS:7.5(High)

Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an...

CWE-1932006

CVE-2014-8182

HIGH
CVSS:7.5(High)

An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with craf...

CWE-1932014