CVE-2022-44640
9.8 CRITICAL (CVSS 3.1), EPSS 1.6%
Description
Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).
How to fix CVE-2022-44640
To remediate CVE-2022-44640, upgrade the affected package to a fixed version below.
- Alpine/heimdal—upgrade to 7.7.1-r0 or later
- Debian/heimdal—upgrade to 7.7.0+dfsg-2+deb11u2 or later
- —no fix listed
Is CVE-2022-44640 being exploited?
Low — EPSS is 1.6%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 7.7.1-r0
- from 0, < 7.7.0+dfsg-2+deb11u2
- from 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |