CVE-2022-42898 - OpenCVE

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Mit	Kerberos 5
Samba	Samba
Heimdal Project	Heimdal

Configuration 1 [-]

OR	cpe:2.3:a:mit:kerberos_5::::::::
	cpe:2.3:a:mit:kerberos_5:1.20:-::::::
	cpe:2.3:a:mit:kerberos_5:1.20:beta1::::::

Configuration 2 [-]

cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::

References

Link	Resource
https://bugzilla.samba.org/show_bug.cgi?id=15203	Exploit Issue Tracking Patch Third Party Advisory
https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c	Third Party Advisory
https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583	Patch Third Party Advisory
https://security.gentoo.org/glsa/202309-06
https://security.gentoo.org/glsa/202310-06
https://security.netapp.com/advisory/ntap-20230216-0008/
https://security.netapp.com/advisory/ntap-20230223-0001/
https://web.mit.edu/kerberos/advisories/	Vendor Advisory
https://web.mit.edu/kerberos/krb5-1.19/	Release Notes Vendor Advisory
https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt	Vendor Advisory
https://www.samba.org/samba/security/CVE-2022-42898.html	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-12-25T00:00:00

Updated: 2023-10-08T08:06:38.475643

Reserved: 2022-10-13T00:00:00

Link: CVE-2022-42898

JSON object: View

NVD Information

Status : Modified

Published: 2022-12-25T06:15:09.427

Modified: 2023-10-08T09:15:10.937

Link: CVE-2022-42898

JSON object: View

Redhat Information

No data.

CWE

CWE-190

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DDDCA5D-623C-47CD-A5D3-BD16A066BEBC", "versionEndExcluding": "1.19.4", "versionStartIncluding": "1.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.20:-:*:*:*:*:*:*", "matchCriteriaId": "C4D88C23-3917-4891-B9D0-694FCC55B6A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.20:beta1:*:*:*:*:*:*", "matchCriteriaId": "BEDE8B47-EBE0-487C-A52A-8D5F0F5AD851", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*", "matchCriteriaId": "537FE65E-6E3F-4441-8B35-7B48214EA04D", "versionEndExcluding": "7.7.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "659BA682-BA94-493F-8EE1-235661CC958D", "versionEndExcluding": "4.15.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D8363DE-B7A3-409B-A485-29B4FA053BFB", "versionEndExcluding": "4.16.7", "versionStartIncluding": "4.16.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "663B7A0D-CCBB-4EDC-A0E3-97F03E636BD2", "versionEndExcluding": "4.17.3", "versionStartIncluding": "4.17.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\""}, {"lang": "es", "value": "El an\u00e1lisis sint\u00e1ctico de PAC en MIT Kerberos 5 (tambi\u00e9n conocido como krb5) antes de 1.19.4 y 1.20.x antes de 1.20.1 tiene desbordamientos de enteros que pueden conducir a la ejecuci\u00f3n remota de c\u00f3digo (en KDC, kadmind, o un servidor de aplicaciones GSS o Kerberos) en plataformas de 32 bits (que tienen un desbordamiento de b\u00fafer resultante), y causar una denegaci\u00f3n de servicio en otras plataformas. Esto ocurre en krb5_pac_parse en lib/krb5/krb/pac.c. Heimdal antes de 7.7.1 tiene \"un bug similar\"."}], "id": "CVE-2022-42898", "lastModified": "2023-10-08T09:15:10.937", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-25T06:15:09.427", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.samba.org/show_bug.cgi?id=15203"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202309-06"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202310-06"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20230216-0008/"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20230223-0001/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://web.mit.edu/kerberos/advisories/"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://web.mit.edu/kerberos/krb5-1.19/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.samba.org/samba/security/CVE-2022-42898.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}