CVE-2022-44640
moderate-risk
Published 2022-12-25
Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).
Do I need to act?
1.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Fix available
Upgrade to: 78077c39e355766221383ee48c8b9be0459a82a4, 0c85a0adaa57df2541ec2d395d1f7cf936bc2e43, 6cc6e233b5ceb2a579400f020b61c67ca7bbeb78, ab48448c650c96095fa183c3531a3dd244983664
CVSS 9.8/10
Critical
NETWORK / LOW complexity
Affected Products (2)
Heimdal
Affected Vendors
References (6)
Third Party Advisory
https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230216-0008/
43 / 100
moderate-risk
Severity
32/34 · Critical
Exploitability
4/34 · Minimal
Exposure
7/34 · Low