{"id":"CVE-2022-44640","details":"Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).","modified":"2026-04-16T04:35:02.035022808Z","published":"2022-12-25T05:15:11.103Z","related":["GHSA-88pm-hfmq-7vv4","openSUSE-SU-2023:0019-1","openSUSE-SU-2023:0020-1","openSUSE-SU-2024:12580-1","openSUSE-SU-2024:12587-1"],"references":[{"type":"ADVISORY","url":"https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202310-06"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230216-0008/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/heimdal/heimdal","events":[{"introduced":"0"},{"fixed":"78077c39e355766221383ee48c8b9be0459a82a4"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"7.7.1"}]}},{"type":"GIT","repo":"https://github.com/samba-team/samba","events":[{"introduced":"fc8342bd26d1c55ca5780b427f675f31147b27f9"},{"fixed":"0c85a0adaa57df2541ec2d395d1f7cf936bc2e43"},{"introduced":"e95d85f784ae6b19f2cb42cc9039b60b146e5b69"},{"fixed":"6cc6e233b5ceb2a579400f020b61c67ca7bbeb78"},{"introduced":"fbec737d9d3d992b54f52defcba62a304efef8f7"},{"fixed":"ab48448c650c96095fa183c3531a3dd244983664"}],"database_specific":{"versions":[{"introduced":"4.15.0"},{"fixed":"4.15.3"},{"introduced":"4.16.0"},{"fixed":"4.16.8"},{"introduced":"4.17.0"},{"fixed":"4.17.4"}]}}],"versions":["git2svn-syncpoint-master","heimdal-1.3.0pre1","heimdal-1.3.0pre10","heimdal-1.3.0pre11","heimdal-1.3.0pre3","heimdal-1.3.0pre4","heimdal-1.3.0pre5","heimdal-1.3.0pre6","heimdal-1.3.0pre7","heimdal-1.3.0pre8","heimdal-1.3.0pre9","heimdal-1.3.0rc1","heimdal-1.5pre1","heimdal-1.5pre2","heimdal-7.0.1","heimdal-7.0.2","heimdal-7.0.3","heimdal-7.1.0","heimdal-7.1rc1","heimdal-7.2.0","heimdal-7.3.0","heimdal-7.4.0","heimdal-7.5.0","heimdal-7.6.0","heimdal-7.7.0","ldb-2.4.1","ldb-2.5.1","ldb-2.5.2","samba-4.15.0","samba-4.15.1","samba-4.15.2","samba-4.16.0","samba-4.16.1","samba-4.16.2","samba-4.16.3","samba-4.16.4","samba-4.16.5","samba-4.17.0","samba-4.17.1","samba-4.17.2","switch-from-svn-to-git","upstream-1.4.0+git20101228.dfsg.1","upstream-1.4.0+git20110220.dfsg.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-44640.json","vanir_signatures_modified":"2026-04-12T03:22:21Z","vanir_signatures":[{"source":"https://github.com/heimdal/heimdal/commit/78077c39e355766221383ee48c8b9be0459a82a4","deprecated":false,"digest":{"line_hashes":["185684756605390238103334007784352789624","7131579695216385856922531758292910060","96067565823201056646313325968740529266","307324062224806380958204996069287421659"],"threshold":0.9},"signature_version":"v1","id":"CVE-2022-44640-7e74d481","target":{"file":"include/bits.c"},"signature_type":"Line"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}