
FreeBSD: VID-97c1b0f7-47b9-11ee-8e38-002590c1f29c (CVE-2022-44640): FreeBSD -- Multiple vulnerabilities in Heimdal

Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: Aug 31, 2023
Added: Aug 31, 2023
Modified: Dec 10, 2025

Description

Problem Description: Multiple security vulnerabilities have been discovered in the Heimdal implementation of the Kerberos 5 network authentication protocols and KDC.

CVE-2022-42898: PAC parse integer overflows
CVE-2022-3437: Overflows and non-constant time leaks in DES{,3} and arcfour
CVE-2021-44758: NULL dereference DoS in SPNEGO acceptors
CVE-2022-44640: Heimdal KDC: invalid free in ASN.1 codec
CVE-2019-14870: Validate client attributes in protocol-transition
CVE-2019-14870: Apply forwardable policy in protocol-transition
CVE-2019-14870: Always lookup impersonate client in DB

Impact: A malicious actor with control of the network between a client and a service using Kerberos for authentication can impersonate either the client or the service, enabling a man-in-the-middle (MITM) attack circumventing mutual authentication. Note that, while CVE-2022-44640 is a severe vulnerability, possibly enabling remote code execution on other platforms, the version of Heimdal included with the FreeBSD base system cannot be exploited in this way on FreeBSD.

Solutions

freebsd-upgrade-base-13_1-release-p4
freebsd-upgrade-base-12_3-release-p9