mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00
samba-mirror/third_party
Nicolas Williams 2736d267aa CVE-2022-44640 HEIMDAL: asn1: invalid free in ASN.1 codec
Heimdal's ASN.1 compiler generates code that allows specially
crafted DER encodings of CHOICEs to invoke the wrong free function
on the decoded structure upon decode error.  This is known to impact
the Heimdal KDC, leading to an invalid free() of an address partly
or wholly under the control of the attacker, in turn leading to a
potential remote code execution (RCE) vulnerability.

This error affects the DER codec for all CHOICE types used in
Heimdal, though not all cases will be exploitable.  We have not
completed a thorough analysis of all the Heimdal components
affected, thus the Kerberos client, the X.509 library, and other
parts, may be affected as well.

This bug has been in Heimdal since 2005.  It was first reported by
Douglas Bagnall, though it had been found independently by the
Heimdal maintainers via fuzzing a few weeks earlier.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14929

(cherry-picked from Heimdal commit 9c9dac2b169255bad9071eea99fa90b980dde767)

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Dec  6 13:41:05 UTC 2022 on sn-devel-184

(cherry picked from commit 68fc909a7f)

Autobuild-User(v4-16-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-16-test): Tue Dec  6 15:28:49 UTC 2022 on sn-devel-184
2022-12-06 15:28:49 +00:00
aesni-intel lib:crypto: Build intel aes-ni only if GnuTLS doesn't provide AES CMAC 2019-12-10 20:30:57 +00:00
cmocka third_party:cmocka: Fix build when used in lib/tevent 2021-07-07 05:07:30 +00:00
gpfs third_party: Update gpfs.h to 5.0.5.3 version 2020-10-05 20:06:04 +00:00
heimdal CVE-2022-44640 HEIMDAL: asn1: invalid free in ASN.1 codec 2022-12-06 15:28:49 +00:00
heimdal_build CVE-2022-3437 third_party/heimdal_build: Add gssapi-subsystem subsystem 2022-10-24 07:27:37 +02:00
nss_wrapper third_party: Update nss_wrapper to version 1.1.11 2020-04-06 17:34:53 +00:00
pam_wrapper third_party: Update pam_wrapper to version 1.1.4 2021-10-28 19:03:04 +00:00
popt third_party/popt/wscript: update to handle waf 2.0.4 2018-09-05 06:37:24 +02:00
resolv_wrapper waf: Fix resolv_wrapper with glibc 2.34 2021-11-05 11:44:30 +00:00
socket_wrapper third_party: Update socket_wrapper to version 1.3.4 2022-09-18 16:46:09 +00:00
uid_wrapper third_party: Link uid_wrapper against pthread 2019-09-25 15:39:40 +00:00
waf third_party: Update waf to version 2.0.24 2022-05-30 08:15:10 +00:00
update.sh third_party/update: forget pep8 2021-11-19 13:25:16 +00:00
wscript Remove pyiso8601 from third_party 2020-08-20 22:49:26 +00:00