{"vuid":"VU#730793","idnumber":"730793","name":"Heimdal Kerberos vulnerable to remotely triggered NULL pointer dereference","keywords":null,"overview":"### Overview\r\nThe Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash.\r\n\r\n### Description\r\n\r\n**CVE-2022-3116**\r\nA flawed logical condition in lib/gssapi/spnego/accept_sec_context.c allows a malicious actor to remotely trigger a NULL pointer dereference using a crafted negTokenInit token.\r\n\r\n### Impact\r\nAn attacker can use a specially crafted network packet to cause a vulnerable application to crash.\r\n### Solution\r\nThe latest version of code in the Heimdal master branch fixes the issue. However, the current stable release 7.7.0 does not include the fix. \r\n\r\n### Acknowledgements\r\nThanks to Internet Systems Consortium for reporting the vulnerability.\r\n\r\nThis document was written by Kevin Stephens.","clean_desc":null,"impact":null,"resolution":null,"workarounds":null,"sysaffected":null,"thanks":null,"author":null,"public":[],"cveids":["CVE-2022-3116"],"certadvisory":null,"uscerttechnicalalert":null,"datecreated":"2022-10-07T19:25:00.461580Z","publicdate":"2022-10-07T19:24:58.139750Z","datefirstpublished":"2022-10-07T19:25:00.480694Z","dateupdated":"2023-07-13T17:43:08.496028Z","revision":6,"vrda_d1_directreport":null,"vrda_d1_population":null,"vrda_d1_impact":null,"cam_widelyknown":null,"cam_exploitation":null,"cam_internetinfrastructure":null,"cam_population":null,"cam_impact":null,"cam_easeofexploitation":null,"cam_attackeraccessrequired":null,"cam_scorecurrent":null,"cam_scorecurrentwidelyknown":null,"cam_scorecurrentwidelyknownexploited":null,"ipprotocol":null,"cvss_accessvector":null,"cvss_accesscomplexity":null,"cvss_authentication":null,"cvss_confidentialityimpact":null,"cvss_integrityimpact":null,"cvss_availabilityimpact":null,"cvss_exploitablity":null,"cvss_remediationlevel":null,"cvss_reportconfidence":null,"cvss_collateraldamagepotential":null,"cvss_targetdistribution":null,"cvss_securityrequirementscr":null,"cvss_securityrequirementsir":null,"cvss_securityrequirementsar":null,"cvss_basescore":null,"cvss_basevector":null,"cvss_temporalscore":null,"cvss_environmentalscore":null,"cvss_environmentalvector":null,"metric":null,"vulnote":75}