CVE-2022-3437

NameCVE-2022-3437
DescriptionBuffer overflow in Heimdal unwrap_des3()
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3206-1, DSA-5287-1
Debian Bugs1024187

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
heimdal (PTS)buster7.5.0+dfsg-3vulnerable
buster (security)7.5.0+dfsg-3+deb10u1fixed
bullseye7.7.0+dfsg-2vulnerable
bullseye (security)7.7.0+dfsg-2+deb11u2fixed
bookworm7.7.0+dfsg-6vulnerable
sid7.8.git20221115.a6cf945+dfsg-1fixed
samba (PTS)buster, buster (security)2:4.9.5+dfsg-5+deb10u3vulnerable
bullseye (security), bullseye2:4.13.13+dfsg-1~deb11u5vulnerable
bookworm, sid2:4.17.3+dfsg-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
heimdalsourcebuster7.5.0+dfsg-3+deb10u1DLA-3206-1
heimdalsourcebullseye7.7.0+dfsg-2+deb11u2DSA-5287-1
heimdalsource(unstable)7.8.git20221115.a6cf945+dfsg-11024187
sambasource(unstable)2:4.16.6+dfsg-1

Notes

https://www.samba.org/samba/security/CVE-2022-3437.html
https://bugzilla.samba.org/show_bug.cgi?id=15134
https://github.com/heimdal/heimdal/security/advisories/GHSA-45j3-5v39-rf9j
https://github.com/heimdal/heimdal/commit/f6edaafcfefd843ca1b1a041f942a853d85ee7c3 (heimdal-7.7.1)
https://github.com/heimdal/heimdal/commit/c9cc34334bd64b08fe91a2f720262462e9f6bb49 (heimdal-7.7.1)
https://github.com/heimdal/heimdal/commit/a587a4bcb28d5b9047f332573b1e7c8f89ca3edd (heimdal-7.7.1)
https://github.com/heimdal/heimdal/commit/c758910eaad3c0de2cfb68830a661c4739675a7d (heimdal-7.7.1)
https://github.com/heimdal/heimdal/commit/414b2a77fd61c26d64562e3800dc5578d9d0f15d (heimdal-7.7.1)
https://github.com/heimdal/heimdal/commit/be9bbd93ed8f204b4bc1b92d1bc3c16aac194696 (heimdal-7.7.1)
https://github.com/heimdal/heimdal/commit/c8407ca079294d76a5ed140ba5b546f870d23ed2 (heimdal-7.7.1)
https://github.com/heimdal/heimdal/commit/8fb508a25a6a47289c73e3f4339352a73a396eef (heimdal-7.7.1)

Search for package or bug name: Reporting problems