Vulnerability DatabaseCVE-2022-44640

CVE-2022-44640:
NixOS vulnerability analysis and mitigation

Overview

CVE-2022-44640 is a critical vulnerability discovered in Heimdal versions before 7.7.1, affecting the ASN.1 codec used by the Key Distribution Center (KDC). The vulnerability was disclosed on December 25, 2022, and allows remote attackers to execute arbitrary code due to an invalid free operation (MITRE CVE, NVD).

Technical details

The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (Critical), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The issue stems from an invalid free operation in the ASN.1 codec specifically used by the Key Distribution Center (KDC) component (GitHub Advisory).

Impact

Successful exploitation of this vulnerability could lead to remote code execution on affected Heimdal KDC servers, potentially allowing attackers to execute arbitrary code with system privileges. The vulnerability affects confidentiality, integrity, and availability of the system, with high impact ratings across all three security metrics (Rapid7).

Mitigation and workarounds

The primary mitigation is to upgrade to Heimdal version 7.7.1 or later. Various distributions have released security updates to address this vulnerability, including Ubuntu, Debian, and Gentoo. For Ubuntu systems, security updates are available for multiple versions including focal (20.04 LTS) and bionic (18.04 LTS) (Debian Security, Gentoo Security).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a Wiz customer?

Request vulnerability assessment

9.8

Score

Published December 25, 2022

Severity CRITICAL

CNA Score 9.8

Affected Technologies

NixOS
Samba

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 82.8

Exploitation Probability (EPSS) 2

Affected packages and libraries

libkadm5srv8
libotp0

Sources

Alpine Security Tracker
- Alpine 3.10, 3.11, 3.12, 3.13 Severity CRITICALHas FixAdded at: Dec 03, 2023
- Alpine 3.14 Severity CRITICALHas FixAdded at: Nov 19, 2022
- Alpine 3.15, 3.16 Severity CRITICALHas FixAdded at: Feb 09, 2023
- Alpine 3.17 Severity CRITICALHas FixAdded at: Nov 23, 2022
- Alpine 3.18 Severity CRITICALHas FixAdded at: May 10, 2023
- Alpine 3.19 Severity CRITICALHas FixAdded at: Dec 10, 2023
- Alpine 3.20 Severity CRITICALHas FixAdded at: May 26, 2024
- Alpine 3.21 Severity CRITICALHas FixAdded at: Dec 08, 2024
- Alpine 3.22 Severity CRITICALHas FixAdded at: Jun 01, 2025
- Alpine edge Severity CRITICALHas FixAdded at: Jun 19, 2023
CBL-Mariner
- CBL-Mariner 1.0 Severity CRITICALHas FixAdded at: Jun 10, 2023
- CBL-Mariner 3.0 Severity CRITICALHas FixAdded at: May 04, 2025
Chainguard
- Chainguard Has FixAdded at: Sep 03, 2025
Debian Security Tracker
- Debian 10, 11, 12 Severity CRITICALHas FixAdded at: Nov 16, 2022
- Debian 13 Severity CRITICALHas FixAdded at: Jun 11, 2023
- Debian 14 Severity CRITICALHas FixAdded at: Aug 10, 2025
Gentoo Advisory Database
- Gentoo Severity HIGHHas FixAdded at: Oct 09, 2023
Homebrew
- Homebrew Severity CRITICALHas FixAdded at: Feb 12, 2024
Nix
- Nix Severity CRITICALHas FixAdded at: Oct 10, 2023
Photon Security Advisory
- Photon 3.0 Severity CRITICALHas FixAdded at: Jul 04, 2023
Ubuntu Security Tracker
- Ubuntu 14.04, 16.04, 18.04, 20.04 Severity MEDIUMHas FixAdded at: Dec 07, 2022
- Ubuntu 22.04 Severity MEDIUMNo FixAdded at: Dec 07, 2022
- Ubuntu 24.04 Severity MEDIUMNo FixAdded at: May 06, 2024
- Ubuntu 24.10 Severity MEDIUMNo FixAdded at: Dec 10, 2024
- Ubuntu 25.04 Severity MEDIUMNo FixAdded at: May 08, 2025
Wolfi
- Wolfi Has FixAdded at: Sep 01, 2025
NVD
- Linux Severity CRITICALHas FixAdded at: May 17, 2023