VDB
ALPINE-CVE-2022-44640
ALPINE-CVE-2022-44640
PUBLISHED
CVSS 9.800000190734863 CRITICAL
Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).
Risk Scores
CVSS v3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.19 | heimdal | 1.2.1-r3, 7.1.0-r1, 7.4.0-r0 |
| Alpine:v3.21 | heimdal | 1.2.1-r1, 1.2.1-r0, 0 |
| Alpine:v3.20 | heimdal | 7.5.0-r1, 1.2.1-r1, 1.2.1-r0 |
| Alpine:v3.22 | heimdal | 7.1.0-r1, 7.7.0-r8, 7.7.0-r7 |
| Alpine:v3.23 | heimdal | 0, 1.2.1-r0, 1.2.1-r1 |
| Alpine:v3.18 | heimdal | 1.3.3-r0, 1.2.1-r0, 1.2.1-r1 |
| Alpine:v3.14 | heimdal | 7.7.0-r4, 1.2.1-r0, 1.2.1-r1 |
| Alpine:v3.15 | heimdal | 1.2.1-r0, 0, * |
| Alpine:v3.17 | heimdal | 7.7.0-r8, 0, 1.2.1-r0 |
| Alpine:v3.16 | heimdal | 7.7.0-r8, 1.3.3-r0, * |
Timeline
- Dec 25, 2022 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch