VDB

GCVE-110-MAGEIA-2023-98

GCVE-110-MAGEIA-2023-98
Advisory Published
Vulnetix · Advisory published March 18, 2023
The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted. (CVE-2022-45142)

Affected Products

VendorProductVersionsPlatforms
Mageiaopenipmi2.0.34-1.mga9 (unaffected), 0 (affected)
Mageiaheimdal0 (affected), 7.7.1-1.3.mga8 (unaffected), 0 (affected), 7.7.1-1.3.mga8 (unaffected)
Mageiaopenipmi0 (affected), 2.0.34-1.mga8 (unaffected)

Browse GCVE Records

73,685 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›