CVE-2022-44640

CRITICAL

Heimdal < 7.7.1 - Double Free

Title source: rule

Description

Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).

Scores

CVSS v3: 9.8
EPSS: 0.0184
EPSS Percentile: 82.8%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE: CWE-415
Status: published

Affected Products (2)

heimdal_project/heimdal < 7.7.1
samba/samba < 4.15.3

Timeline

Published: Dec 25, 2022
Tracked Since: Feb 18, 2026