DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2022-45142

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2022-45142

CGA ID

CGA-h7j3-g9pf-qcfh

Severity

7.5

High

CVSS V3

Description

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted.

References

  • https://images.chainguard.dev/security/CGA-h7j3-g9pf-qcfh

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images