Hi Wireshark Team,
Our vulnerability scanner has flagged 10 Heimdal Kerberos CVEs against Wireshark 4.0.17 by scanning libwireshark.so.16.0.17. We need your guidance on their applicability.
CVEs flagged:
CVE ID          CVSS  Description
------------------------------------------------------------
CVE-2022-44640  9.8   Heimdal ASN.1 codec RCE (invalid free)
CVE-2022-42898  8.8   Heimdal PAC parsing integer overflow RCE/DoS
CVE-2017-11103  7.4   Heimdal Orpheus' Lyre Kerberos impersonation
CVE-2018-16860  7.5   Heimdal KDC principal MITM
CVE-2019-12098  7.4   Heimdal PKINIT key exchange MITM
CVE-2017-6594   7.5   Heimdal transit path validation bypass
CVE-2017-17439  7.5   Heimdal KDC NULL pointer deref DoS
CVE-2021-44758  7.5   Heimdal SPNEGO NULL pointer deref DoS
CVE-2022-3116   7.5   Heimdal NULL pointer deref DoS
CVE-2022-41916  7.5   Heimdal PKI cert validation DoS
Our questions:
1. Which version of Heimdal Kerberos does Wireshark 4.0.17 bundle or use internally?
2. Do any of these 10 CVEs affect Wireshark 4.0.17?
3. If yes, which Wireshark version should we upgrade to for the fix?
4. If no, can you confirm why?
Thank you for your time.
Best regards,
Kundan Kumar