VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-2svs-kh37-aaaa

Essentials
Severities (97)
References (18)
Severity details (13)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-2svs-kh37-aaaa
Aliases	CVE-2022-41916
Summary	Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-193

Off-by-one Error

System	Score	Found at
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00217	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00381	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00383	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00383	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00383	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00383	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00383	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00383	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00383	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00383	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00383	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00383	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00383	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
epss	0.00383	https://api.first.org/data/v1/epss?cve=CVE-2022-41916
generic_textual	Low	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671
cvssv3.1	5.9	https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx
ssvc	Track	https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx
cvssv3.1	5.9	https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2022-41916
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2022-41916
cvssv3.1	5.9	https://security.gentoo.org/glsa/202310-06
ssvc	Track	https://security.gentoo.org/glsa/202310-06
cvssv3.1	5.9	https://security.netapp.com/advisory/ntap-20230216-0008/
ssvc	Track	https://security.netapp.com/advisory/ntap-20230216-0008/
cvssv3.1	5.9	https://www.debian.org/security/2022/dsa-5287
ssvc	Track	https://www.debian.org/security/2022/dsa-5287

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2022-41916
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41916
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640
		https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx
		https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html
		https://security.netapp.com/advisory/ntap-20230216-0008/
		https://www.debian.org/security/2022/dsa-5287
1024187		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187
cpe:2.3:a:heimdal_project:heimdal::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:heimdal_project:heimdal::::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
CVE-2022-41916		https://nvd.nist.gov/vuln/detail/CVE-2022-41916
GLSA-202310-06		https://security.gentoo.org/glsa/202310-06
USN-5766-1		https://usn.ubuntu.com/5766-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:33Z/ Found at https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:33Z/ Found at https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-41916

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-41916

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.gentoo.org/glsa/202310-06

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:33Z/ Found at https://security.gentoo.org/glsa/202310-06

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20230216-0008/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:33Z/ Found at https://security.netapp.com/advisory/ntap-20230216-0008/

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2022/dsa-5287

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:33Z/ Found at https://www.debian.org/security/2022/dsa-5287

Exploit Prediction Scoring System (EPSS)

Percentile	0.4146
EPSS Score	0.00217
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.