Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-42898

Published: 25/12/2022 Updated: 08/10/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Kerberos 5

Vulnerability Summary

PAC parsing in MIT Kerberos 5 (aka krb5) prior to 1.19.4 and 1.20.x prior to 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal prior to 7.7.1 has "a similar bug."

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

mit kerberos 5

mit kerberos 5 1.20

heimdal project heimdal

samba samba

Vendor Advisories

Debian CVElist Bug Report Logs: heimdal: CVE-2022-44640 CVE-2022-42898 CVE-2022-3437 CVE-2021-44758
Debian Bug report logs - #1024187 heimdal: CVE-2022-44640 CVE-2022-42898 CVE-2022-3437 CVE-2021-44758 Package: src:heimdal; Maintainer for src:heimdal is Brian May <bam@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 15 Nov 2022 21:30:02 UTC Severity: grave Tags: security, upstream Foun ...
Ubuntu Security Notice: USN-5822-1: Samba vulnerabilities
Several security issues were fixed in Samba ...
Ubuntu Security Notice: USN-5800-1: Heimdal vulnerabilities
Several security issues were fixed in Heimdal ...
Ubuntu Security Notice: USN-5828-1: Kerberos vulnerabilities
Several security issues were fixed in Kerberos ...
Debian Security Advisories: DSA-5286-1 krb5 -- security update
Greg Hudson discovered integer overflow flaws in the PAC parsing in krb5, the MIT implementation of Kerberos, which may result in remote code execution (in a KDC, kadmin, or GSS or Kerberos application server process), information exposure (to a cross-realm KDC acting maliciously), or denial of service (KDC or kadmind process crash) For the stable ...
Debian Security Advisories: DSA-5287-1 heimdal -- security update
Several vulnerabilities were discovered in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos CVE-2021-3671 Joseph Sutton discovered that the Heimdal KDC does not validate that the server name in the TGS-REQ is present before dereferencing, which may result in denial of service CVE-2021-44758 It ...
Amazon Linux 2: ALAS2-2023-1915
Integer overflow vulnerabilities in PAC parsing (CVE-2022-42898) ...
Amazon Linux AMI: ALAS-2023-1680
Integer overflow vulnerabilities in PAC parsing (CVE-2022-42898) ...
Amazon Linux AMI: ALAS-2023-1667
Integer overflow vulnerabilities in PAC parsing (CVE-2022-42898) ...
Red Hat:
Description<!----> This CVE is under investigation by Red Hat Product Security ...
Arch Linux Issues:
Severity Unknown Remote Unknown Type Unknown Description AVG-2828 samba 4174-4 4175-1 Unknown Fixed ...
Red Hat: Important: krb5 security update
Synopsis Important: krb5 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for krb5 is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat Product Security has rated this ...
Red Hat: Important: krb5 security update
Synopsis Important: krb5 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for krb5 is now available for Red Hat Enterprise Linux 86 Extended Update SupportRed Hat Product Security has rated this ...
Red Hat: Important: krb5 security update
Synopsis Important: krb5 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for krb5 is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsRed Hat Product Security has ...
Red Hat: Important: krb5 security update
Synopsis Important: krb5 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for krb5 is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a securi ...
Red Hat: Important: krb5 security update
Synopsis Important: krb5 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for krb5 is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product Security has rated this ...
Red Hat: Important: krb5 security update
Synopsis Important: krb5 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for krb5 is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as having a securi ...
Red Hat: Important: krb5 security update
Synopsis Important: krb5 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for krb5 is now available for Red Hat Enterprise Linux 6 Extended Lifecycle SupportRed Hat Product Security has rated thi ...
Red Hat: Important: krb5 security update
Synopsis Important: krb5 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for krb5 is now available for Red Hat Enterprise Linux 82 Advanced Update Support, Red Hat Enterprise Linux 82 Telecommu ...
Red Hat: Low: RHACS 3.73 enhancement and security update
Synopsis Low: RHACS 373 enhancement and security update Type/Severity Security Advisory: Low Topic Updated images are now available for Red Hat Advanced Cluster Security (RHACS) The updated image includes new features and bug fixesRed Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scor ...
Red Hat: Important: Service Telemetry Framework 1.5.2 security update
Synopsis Important: Service Telemetry Framework 152 security update Type/Severity Security Advisory: Important Topic An update is now available for Service Telemetry Framework 152Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a ...
Red Hat: Important: krb5 security update
Synopsis Important: krb5 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for krb5 is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a securi ...
Red Hat: Important: Red Hat Virtualization Host security update [ovirt-4.5.3-3]
Synopsis Important: Red Hat Virtualization Host security update [ovirt-453-3] Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for redhat-release-virtualization-host, redhat-virtualization-host, and redhat-virt ...
Red Hat: Moderate: Red Hat OpenShift (Logging Subsystem) security update
Synopsis Moderate: Red Hat OpenShift (Logging Subsystem) security update Type/Severity Security Advisory: Moderate Topic Logging Subsystem 561 - Red Hat OpenShiftRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rat ...
Red Hat: Important: Migration Toolkit for Containers (MTC) 1.7.10 security and bug fix update
Synopsis Important: Migration Toolkit for Containers (MTC) 1710 security and bug fix update Type/Severity Security Advisory: Important Topic The Migration Toolkit for Containers (MTC) 1710 is now availableRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) ...
Red Hat: Moderate: OpenShift API for Data Protection (OADP) 1.1.2 security and bug fix update
Synopsis Moderate: OpenShift API for Data Protection (OADP) 112 security and bug fix update Type/Severity Security Advisory: Moderate Topic OpenShift API for Data Protection (OADP) 112 is now availableRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...
Red Hat: Moderate: RHSA: Submariner 0.14 - bug fix and security updates
Synopsis Moderate: RHSA: Submariner 014 - bug fix and security updates Type/Severity Security Advisory: Moderate Topic Submariner 014 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 27Red Hat Product Security has rated this update as having a ...
Red Hat: Moderate: RHSA: Submariner 0.13.3 - security updates and bug fixes
Synopsis Moderate: RHSA: Submariner 0133 - security updates and bug fixes Type/Severity Security Advisory: Moderate Topic Submariner 0133 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 26Red Hat Product Security has rated this update as hav ...
Red Hat: Important: Network observability 1.1.0 security update
Synopsis Important: Network observability 110 security update Type/Severity Security Advisory: Important Topic Network observability 110 release for OpenShiftRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rati ...
Red Hat: Moderate: Service Binding Operator security update
Synopsis Moderate: Service Binding Operator security update Type/Severity Security Advisory: Moderate Topic An update for service-binding-operator-bundle-container and service-binding-operator-container is now available for OpenShift Developer Tools and Services for OCP 49Red Hat Product Security has rated this update as having a security i ...
Red Hat: Moderate: Release of OpenShift Serverless 1.27.0
Synopsis Moderate: Release of OpenShift Serverless 1270 Type/Severity Security Advisory: Moderate Topic Release of OpenShift Serverless 1270The References section contains CVE links providing detailed severity ratingsfor each vulnerability Ratings are based on a Common Vulnerability ScoringSystem (CVSS) base score Description Version ...
Red Hat: Important: Red Hat OpenShift Service Mesh 2.3.1 Containers security update
Synopsis Important: Red Hat OpenShift Service Mesh 231 Containers security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Service Mesh 231 ContainersRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a deta ...
Red Hat: Important: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images
Synopsis Important: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images Type/Severity Security Advisory: Important Topic Updated rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator-bundle image is now available for RHEL-8 based Middleware ContainersRed Hat Product Security has rated this u ...
Red Hat: Moderate: OpenShift Container Platform 4.11.20 security update
Synopsis Moderate: OpenShift Container Platform 41120 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 41120 is now available withupdates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impactof ...
Red Hat: Important: Migration Toolkit for Applications security and bug fix update
Synopsis Important: Migration Toolkit for Applications security and bug fix update Type/Severity Security Advisory: Important Topic Migration Toolkit for Applications 601 releaseRed Hat Product Security has rated this update as having a security impactof Important A Common Vulnerability Scoring System (CVSS) base score, whichgives a detail ...
Red Hat: Moderate: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 security update
Synopsis Moderate: Secondary Scheduler Operator for Red Hat OpenShift 111 security update Type/Severity Security Advisory: Moderate Topic Secondary Scheduler Operator for Red Hat OpenShift 111Red Hat Product Security has rated this update as having a security impact ofModerate A Common Vulnerability Scoring System (CVSS) base score, whic ...
Red Hat: Important: Migration Toolkit for Runtimes security update
Synopsis Important: Migration Toolkit for Runtimes security update Type/Severity Security Advisory: Important Topic An update is now available for Migration Toolkit for Runtimes (v101)Red Hat Product Security has rated this update as having a security impactof Important A Common Vulnerability Scoring System (CVSS) base score, whichgives a ...
Red Hat: Important: Red Hat Advanced Cluster Management 2.6.3 security update
Synopsis Important: Red Hat Advanced Cluster Management 263 security update Type/Severity Security Advisory: Important Topic Red Hat Advanced Cluster Management for Kubernetes 263 GeneralAvailability release images, which provide security updates, fix bugs, and update container imagesRed Hat Product Security has rated this update as havi ...
Red Hat: Moderate: OpenShift Container Platform 4.12.0 bug fix and security update
Synopsis Moderate: OpenShift Container Platform 4120 bug fix and security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4120 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Cont ...
Red Hat: Moderate: OpenShift Jenkins image and Jenkins agent base image security update
Synopsis Moderate: OpenShift Jenkins image and Jenkins agent base image security update Type/Severity Security Advisory: Moderate Topic Release of Bug Advisories for the OpenShift Jenkins image and Jenkins agent base imageRed Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Scoring Sys ...
Red Hat: Important: OpenShift Container Platform 4.11.45 bug fix and security update
Synopsis Important: OpenShift Container Platform 41145 bug fix and security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 41145 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift ...
Red Hat: Moderate: Openshift Logging 5.3.14 bug fix release and security update
Synopsis Moderate: Openshift Logging 5314 bug fix release and security update Type/Severity Security Advisory: Moderate Topic Openshift Logging Bug Fix Release (5314)Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi ...
Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.6 security and bug fix update
Synopsis Moderate: Migration Toolkit for Containers (MTC) 176 security and bug fix update Type/Severity Security Advisory: Moderate Topic The Migration Toolkit for Containers (MTC) 176 is now availableRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...
Red Hat: Important: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update
Synopsis Important: Red Hat OpenShift Data Foundation 4130 security and bug fix update Type/Severity Security Advisory: Important Topic Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4130 on Red Hat Enterprise Linux 9Red Hat ...
Red Hat: Important: OpenShift Virtualization 4.12.0 Images security update
Synopsis Important: OpenShift Virtualization 4120 Images security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Virtualization release 412 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impact of ...
Amazon Linux 2022: ALAS2022-2023-271
Integer overflow vulnerabilities in PAC parsing (CVE-2022-42898) ...
Amazon Linux 2022: ALAS2022-2023-272
Integer overflow vulnerabilities in PAC parsing (CVE-2022-42898) ...
Palo Alto Networks Security Advisory: PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/fd87a3fc00e025fdc5034360097d2bdf
Critical Infrastructure Sectors: Critical Manufacturing

References

CWE-190https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583https://bugzilla.samba.org/show_bug.cgi?id=15203https://web.mit.edu/kerberos/advisories/https://www.samba.org/samba/security/CVE-2022-42898.htmlhttps://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3chttps://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txthttps://web.mit.edu/kerberos/krb5-1.19/https://security.netapp.com/advisory/ntap-20230216-0008/https://security.netapp.com/advisory/ntap-20230223-0001/https://security.gentoo.org/glsa/202309-06https://security.gentoo.org/glsa/202310-06https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187https://nvd.nist.govhttps://ubuntu.com/security/notices/USN-5822-1https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook