CVE-2022-42898 MIT Kerberos 5 has an integer overflow that may lead to remote code execution on 32-bit platforms.
This vulnerability was reported by the Redteam Pentesting team, who also discovered and reported another vulnerability in Heimdal that's worth pointing out: the Heimdal implementation of RSA decryption is vulnerable to a padding oracle attack. This may result in decrypted data being returned to an attacker, if an application is vulnerable to a different padding oracle attack. This may lead to decrypted data being returned to an attacker, if an application is vulnerable to a different padding oracle attack. This may lead to decrypted data being returned to an attacker, if an application is vulnerable to a different padding oracle attack. Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Juniper Jun
Heimdal Decryption Vulnerability
The vulnerability is caused due to an insufficiently strong key in the Heimdal implementation of RSA decryption. If a specially crafted encrypted message is received, then it will be possible to decrypt that message with a weaker key than originally intended. This may lead to decrypted data being returned to an attacker, if an application is vulnerable to a different padding oracle attack.
Summary of table
Juniper Juniper Juniper Juniper Juniper Juniper
Table of vulnerable products.
Timeline
Published on: 12/25/2022 06:15:00 UTC
Last modified on: 01/05/2023 20:28:00 UTC
References
- https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583
- https://bugzilla.samba.org/show_bug.cgi?id=15203
- https://web.mit.edu/kerberos/advisories/
- https://www.samba.org/samba/security/CVE-2022-42898.html
- https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c
- https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt
- https://web.mit.edu/kerberos/krb5-1.19/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42898