search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Heimdal Kerberos vulnerable to remotely triggered NULL pointer dereference

Vulnerability Note VU#730793

Original Release Date: 2022-10-07 | Last Revised: 2022-11-09

Overview

The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash.

Description

CVE-2022-3116 A flawed logical condition in lib/gssapi/spnego/accept_sec_context.c allows a malicious actor to remotely trigger a NULL pointer dereference using a crafted negTokenInit token.

Impact

An attacker can use a specially crafted network packet to cause a vulnerable application to crash.

Solution

The latest version of code in the Heimdal master branch fixes the issue. However, the current stable release 7.7.0 does not include the fix.

Acknowledgements

Thanks to the anonymous researcher for reporting this issue.

This document was written by Kevin Stephens.

Vendor Information

730793
 

FreeBSD Affected

Notified:  2021-06-22 Updated: 2022-10-07

Statement Date:   June 22, 2021

CVE-2022-3116 Affected

Vendor Statement

We have not received a statement from the vendor.

HardenedBSD Affected

Notified:  2021-06-22 Updated: 2022-10-07

Statement Date:   June 22, 2021

CVE-2022-3116 Affected

Vendor Statement

Though HardenedBSD is affected, it is not possible to create a memory allocation at the 0 (NULL) address in HardenedBSD. Thus, at its worst, this bug will crash the application.

Advantech Czech Not Affected

Notified:  2022-01-24 Updated: 2022-10-07

Statement Date:   January 24, 2022

CVE-2022-3116 Not Affected

Vendor Statement

We have not received a statement from the vendor.

Aruba Networks Not Affected

Notified:  2022-01-24 Updated: 2022-10-07

Statement Date:   January 24, 2022

CVE-2022-3116 Not Affected

Vendor Statement

We have not received a statement from the vendor.

AVM GmbH Not Affected

Notified:  2022-01-24 Updated: 2022-10-07

Statement Date:   February 10, 2022

CVE-2022-3116 Not Affected

Vendor Statement

Heimdal ist not in use within our products or our organisation.

Barracuda Networks Not Affected

Notified:  2022-01-24 Updated: 2022-10-07

Statement Date:   February 02, 2022

CVE-2022-3116 Not Affected

Vendor Statement

We have not received a statement from the vendor.

Belden Not Affected

Notified:  2022-01-24 Updated: 2022-10-07

Statement Date:   March 14, 2022

CVE-2022-3116 Not Affected

Vendor Statement

We have not received a statement from the vendor.

Brocade Communication Systems Not Affected

Notified:  2022-01-24 Updated: 2022-10-07

Statement Date:   April 06, 2022

CVE-2022-3116 Not Affected

Vendor Statement

No Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.

Check Point Not Affected

Notified:  2022-01-24 Updated: 2022-10-07

Statement Date:   February 02, 2022

CVE-2022-3116 Not Affected

Vendor Statement

We do not distribute the code for gssapi spnego

Cradlepoint Not Affected

Notified:  2022-01-24 Updated: 2022-11-09

Statement Date:   August 22, 2022

CVE-2022-3116 Not Affected

Vendor Statement

Cradlepoint conducted a review of their offerings and the lib/gssapi/spnego/accept_sec_context.c library is not used in any of our products.

dd-wrt Not Affected

Notified:  2022-01-24 Updated: 2022-11-09

Statement Date:   August 26, 2022

CVE-2022-3116 Not Affected

Vendor Statement

Heimdal is not in use in dd-wrt. In contrary to openwrt, dd-wrt uses ksmbd instead of samba4.

Deutsche Telekom Not Affected

Notified:  2022-01-24 Updated: 2022-10-07

Statement Date:   January 24, 2022

CVE-2022-3116 Not Affected

Vendor Statement

DT is not reusing heimdal code in our branded products and is not affected.

Digi International Not Affected

Notified:  2022-01-24 Updated: 2022-11-09

Statement Date:   October 05, 2022

CVE-2022-3116 Not Affected

Vendor Statement

Digi’s platforms, infrastructure, and or services disallows kerberos/gssapi authentication from any available service and does not appear vulnerable to this exploit.

eCosCentric Not Affected

Notified:  2022-01-24 Updated: 2022-10-07

Statement Date:   January 26, 2022

CVE-2022-3116 Not Affected

Vendor Statement

Code not used in our RTOS

Hewlett Packard Enterprise Not Affected

Notified:  2022-01-24 Updated: 2022-10-07

Statement Date:   March 01, 2022

CVE-2022-3116 Not Affected

Vendor Statement

We have not received a statement from the vendor.

Illumos Not Affected

Notified:  2022-01-24 Updated: 2022-10-07

Statement Date:   January 24, 2022

CVE-2022-3116 Not Affected

Vendor Statement

We do not use Heimdal in base illumos for our GSSAPI. Because the report's conditions state:

It is believed that any binary which fulfills both of the following conditions:

  • it is linked to an affected version of the Heimdal libgssapi library
  • it allows SPNEGO to be used

is vulnerable to the attack described below.

illumos should not be affected. illumos users should contact security@illumos.org if they notice GSSAPI issues, however.

Intel Not Affected

Notified:  2022-01-24 Updated: 2022-10-07

Statement Date:   January 31, 2022

CVE-2022-3116 Not Affected

Vendor Statement

Verified Heimdal not used by Intel.

Internet Initiative Japan Inc. Not Affected

Notified:  2022-01-24 Updated: 2022-10-07

Statement Date:   January 25, 2022

CVE-2022-3116 Not Affected

Vendor Statement

We have not received a statement from the vendor.

Joyent Not Affected

Notified:  2022-01-24 Updated: 2022-10-07

Statement Date:   January 24, 2022

CVE-2022-3116 Not Affected

Vendor Statement

We do not use Heimdal in base illumos for our GSSAPI, nor in any base SmartOS or Triton pkgsrc packages. (Optional pkgsrc packages may be affected, but these are on a per package basis.) Because the report's conditions state:

It is believed that any binary which fulfills both of the following conditions:

  • it is linked to an affected version of the Heimdal libgssapi library
  • it allows SPNEGO to be used

is vulnerable to the attack described below.

SmartOS and Triton should not be affected. SmartOS users should contact security@illumos.org if they notice GSSAPI issues (as they would be with illumos), however.

LANCOM Systems GmbH Not Affected

Notified:  2022-01-24 Updated: 2022-10-07

Statement Date:   September 21, 2022

CVE-2022-3116 Not Affected

Vendor Statement

We have not received a statement from the vendor.

lwIP Not Affected

Notified:  2022-01-24 Updated: 2022-10-07

Statement Date:   January 24, 2022

CVE-2022-3116 Not Affected

Vendor Statement

We have not received a statement from the vendor.

McAfee Not Affected

Notified:  2022-01-24 Updated: 2022-10-07

Statement Date:   January 24, 2022

CVE-2022-3116 Not Affected

Vendor Statement

We have not received a statement from the vendor.

Microsoft Not Affected

Notified:  2022-01-24 Updated: 2022-10-07

Statement Date:   February 04, 2022

CVE-2022-3116 Not Affected

Vendor Statement

We have not received a statement from the vendor.

Miredo Not Affected

Notified:  2022-01-24 Updated: 2022-10-07

Statement Date:   January 24, 2022

CVE-2022-3116 Not Affected

Vendor Statement

We have not received a statement from the vendor.

Muonics Inc. Not Affected

Notified:  2022-01-24 Updated: 2022-10-07

Statement Date:   January 25, 2022

CVE-2022-3116 Not Affected

Vendor Statement

Muonics does not use Heimdal in any of its products and thus this vulnerability is not applicable.

NetComm Wireless Limited Not Affected

Notified:  2022-01-24 Updated: 2022-11-09

Statement Date:   September 13, 2022

CVE-2022-3116 Not Affected

Vendor Statement

We have not received a statement from the vendor.

netsnmp Not Affected

Notified:  2022-01-24 Updated: 2022-10-07

Statement Date:   January 26, 2022

CVE-2022-3116 Not Affected

Vendor Statement

We have not received a statement from the vendor.

Paessler Not Affected

Notified:  2022-01-24 Updated: 2022-10-07

Statement Date:   March 29, 2022

CVE-2022-3116 Not Affected

Vendor Statement

We have not received a statement from the vendor.

Peplink Not Affected

Notified:  2022-01-24 Updated: 2022-11-09

Statement Date:   June 07, 2022

CVE-2022-3116 Not Affected

Vendor Statement

We have not received a statement from the vendor.

Samba Not Affected

Notified:  2022-09-13 Updated: 2022-11-09

Statement Date:   October 31, 2022

CVE-2022-3116 Not Affected

Vendor Statement

Per Samba's bugzilla https://bugzilla.samba.org/show_bug.cgi?id=15204

https://samba-team.gitlab.io/samba/third_party/heimdal/lib/gssapi/spnego/index.html shows we don't run the Heimdal SPNEGO code.

Samba doesn't use Heimdal for SPNEGO, we handle the SPNEGO in GENSEC, not in Heimdal.

References

Sierra Wireless Not Affected

Notified:  2022-01-24 Updated: 2022-10-07

Statement Date:   March 01, 2022

CVE-2022-3116 Not Affected

Vendor Statement

We have not received a statement from the vendor.

SUSE Linux Not Affected

Notified:  2022-01-24 Updated: 2022-10-07

Statement Date:   January 27, 2022

CVE-2022-3116 Not Affected

Vendor Statement

SUSE is not shipping the heimdal krb5 implementation.

Treck Not Affected

Notified:  2022-01-24 Updated: 2022-10-07

Statement Date:   January 24, 2022

CVE-2022-3116 Not Affected

Vendor Statement

We have not received a statement from the vendor.

Zyxel Not Affected

Notified:  2022-01-24 Updated: 2022-10-07

Statement Date:   April 06, 2022

CVE-2022-3116 Not Affected

Vendor Statement

We have not received a statement from the vendor.

A10 Networks Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

ACCESS Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Actelis Networks Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Actiontec Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

ADATA Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

ADTRAN Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Advantech B-B Technology Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Advantech Taiwan Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Aerohive Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

AhnLab Inc Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

AirWatch Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Akamai Technologies Inc. Unknown

Notified:  2022-01-24 Updated: 2022-11-09

Statement Date:   August 23, 2022

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Alcatel-Lucent Enterprise Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Allied Telesis Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Alpine Linux Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Altran Intelligent Systems Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Amazon Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Android Open Source Project Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

ANTlabs Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Apple Unknown

Notified:  2021-06-22 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Arcadyan Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Arch Linux Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Arista Networks Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

ARRIS Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

ASUSTeK Computer Inc. Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Atheros Communications Inc Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

AT&T Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Avaya Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Belkin Inc. Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Bell Canada Enterprises Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

BlackBerry Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Blackberry QNX Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

BlueCat Networks Inc. Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Blue Coat Systems Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Blunk Microsystems Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

BoringSSL Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Broadcom Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Buffalo Technology Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Cambium Networks Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

CA Technologies Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Ceragon Networks Inc Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Cirpack Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Cisco Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

CMX Systems Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Comcast Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Commscope Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Contiki OS Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Cricket Wireless Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Cypress Semiconductor Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

CZ.NIC Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Debian GNU/Linux Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Dell Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Dell EMC Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Dell SecureWorks Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

DesktopBSD Unknown

Notified:  2021-06-22 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Devicescape Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

D-Link Systems Inc. Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

dnsmasq Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

DragonFly BSD Project Unknown

Notified:  2021-06-22 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

eero Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

EfficientIP Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

ENEA Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Ericsson Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Espressif Systems Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

European Registry for Internet Domains Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Express Logic Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Extreme Networks Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

F5 Networks Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Fastly Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Fedora Project Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

FNet Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Force10 Networks Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Fortinet Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

FreeRTOS Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

F-Secure Corporation Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Gentoo Linux Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

GFI Software Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

GNU adns Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

GNU glibc Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Google Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Grandstream Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Green Hills Software Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

HCC Embedded Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Heimdal Kerberos Project Unknown

Notified:  2021-06-22 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Hitachi Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Honeywell Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

HP Inc. Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

HTC Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Huawei Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

IBM Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

IBM Corporation (zseries) Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

IBM Numa-Q Division (Formerly Sequent) Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

ICASI Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Infoblox Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

InfoExpress Inc. Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Inmarsat Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Internet Systems Consortium Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Internet Systems Consortium - DHCP Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

IP Infusion Inc. Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

JH Software Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

JPCERT/CC Vulnerability Handling Team Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Juniper Networks Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

kubernetes Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Lancope Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Lantronix Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Lenovo Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

LG Electronics Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

LibreSSL Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Linksys Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

LITE-ON Technology Corporation Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

LiteSpeed Technologies Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Lynx Software Technologies Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

m0n0wall Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Marconi Inc. Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Marvell Semiconductor Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

MediaTek Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Medtronic Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Men & Mice Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Metaswitch Networks Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Microchip Technology Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Micro Focus Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

MikroTik Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Mitel Networks Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Motorola Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

National Cyber Security Center Netherlands Unknown

Notified:  2022-01-24 Updated: 2022-11-09

Statement Date:   August 24, 2022

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

National Cyber Security Centre Finland Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

NCSC-FI Vulnerability Coordinator Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

NEC Corporation Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

NetBSD Unknown

Notified:  2021-06-22 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

NetBurner Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

NETGEAR Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

NETSCOUT Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

netsnmpj Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Nexenta Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

NIKSUN Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Nixu Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

NLnet Labs Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Nokia Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

OleumTech Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

OpenBSD Unknown

Notified:  2021-06-22 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

OpenBSD IPsec Unknown

Notified:  2021-06-22 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

OpenConnect Ltd Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

OpenDNS Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

OpenIndiana Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

OpenSSL Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Openwall GNU/*/Linux Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

OpenWRT Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Oracle Corporation Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Oryx Embedded Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Palo Alto Networks Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

pfSense Unknown

Notified:  2021-06-22 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Philips Electronics Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Phoenix Contact Unknown

Notified:  2022-01-24 Updated: 2022-11-09

Statement Date:   August 25, 2022

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

PHPIDS Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

PowerDNS Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Proxim Inc. Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Pulse Secure Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

QLogic Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

QNAP Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Quadros Systems Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Quagga Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Qualcomm Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Quantenna Communications Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Red Hat Unknown

Notified:  2022-01-24 Updated: 2022-10-07

Statement Date:   January 25, 2022

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Riverbed Technologies Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Roku Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Ruckus Wireless Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Ruijie Networks Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Samsung Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Samsung Mobile Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Samsung Semiconductor Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Schneider Electric Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Secure64 Software Corporation Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

SEIKO EPSON Corp. / Epson America Inc. Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Slackware Linux Inc. Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

SMC Networks Inc. Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

SmoothWall Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Snort Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

SonicWall Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Sonos Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Sony Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Sophos Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Sourcefire Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Symantec Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Synology Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

systemd Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

TCPWave Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

TDS Telecom Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Technicolor Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Tenable Network Security Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

The OpenBSD project Unknown

Notified:  2021-06-22 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

TippingPoint Technologies Inc. Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Tizen Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

TP-LINK Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

TrueOS Unknown

Notified:  2021-06-22 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Turbolinux Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Ubiquiti Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Ubuntu Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Unisys Corporation Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Univention Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Untangle Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

VMware Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Vultures List Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Wind River Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

WizNET Technology Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

wolfSSL Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Xiaomi Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

XigmaNAS Unknown

Notified:  2021-06-22 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Xilinx Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Zebra Technologies Unknown

Notified:  2022-01-24 Updated: 2022-11-09

Statement Date:   August 19, 2022

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

Zephyr Project Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

ZTE Corporation Unknown

Notified:  2022-01-24 Updated: 2022-10-07

CVE-2022-3116 Unknown

Vendor Statement

We have not received a statement from the vendor.

View all 246 vendors View less vendors


Other Information

CVE IDs: CVE-2022-3116
API URL: VINCE JSON | CSAF
Date Public: 2022-10-07
Date First Published: 2022-10-07
Date Last Updated: 2022-11-09 17:32 UTC
Document Revision: 3

Sponsored by CISA.