Vulnerabilites related to gssapi - gss-ntlmssp
cve-2023-25567
Vulnerability from cvelistv5
Published
2023-02-14 17:35
Modified
2025-03-10 21:11
Severity ?
EPSS score ?
Summary
GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the `av_pair` is not checked properly for two of the elements which can trigger an out-of-bound read. The out-of-bounds read can be triggered via the main `gss_accept_sec_context` entry point and could cause a denial-of-service if the memory is unmapped. The issue is fixed in version 1.2.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-24pf-6prf-24ch | x_refsource_CONFIRM | |
| https://github.com/gssapi/gss-ntlmssp/commit/025fbb756d44ffee8f847db4222ed6aa4bd1fbe4 | x_refsource_MISC | |
| https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| gssapi | gss-ntlmssp |
Version: < 1.2.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:25:19.291Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-24pf-6prf-24ch", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-24pf-6prf-24ch", }, { name: "https://github.com/gssapi/gss-ntlmssp/commit/025fbb756d44ffee8f847db4222ed6aa4bd1fbe4", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gssapi/gss-ntlmssp/commit/025fbb756d44ffee8f847db4222ed6aa4bd1fbe4", }, { name: "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-25567", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-10T20:58:40.746761Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-10T21:11:42.882Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "gss-ntlmssp", vendor: "gssapi", versions: [ { status: "affected", version: "< 1.2.0", }, ], }, ], descriptions: [ { lang: "en", value: "GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the `av_pair` is not checked properly for two of the elements which can trigger an out-of-bound read. The out-of-bounds read can be triggered via the main `gss_accept_sec_context` entry point and could cause a denial-of-service if the memory is unmapped. The issue is fixed in version 1.2.0.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-14T17:35:59.571Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-24pf-6prf-24ch", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-24pf-6prf-24ch", }, { name: "https://github.com/gssapi/gss-ntlmssp/commit/025fbb756d44ffee8f847db4222ed6aa4bd1fbe4", tags: [ "x_refsource_MISC", ], url: "https://github.com/gssapi/gss-ntlmssp/commit/025fbb756d44ffee8f847db4222ed6aa4bd1fbe4", }, { name: "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", tags: [ "x_refsource_MISC", ], url: "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", }, ], source: { advisory: "GHSA-24pf-6prf-24ch", discovery: "UNKNOWN", }, title: "GSS-NTLMSSP vulnerable to out-of-bounds read when decoding target information", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-25567", datePublished: "2023-02-14T17:35:59.571Z", dateReserved: "2023-02-07T17:10:00.738Z", dateUpdated: "2025-03-10T21:11:42.882Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-25566
Vulnerability from cvelistv5
Published
2023-02-14 17:35
Modified
2025-03-10 21:11
Severity ?
EPSS score ?
Summary
GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, a memory leak can be triggered when parsing usernames which can trigger a denial-of-service. The domain portion of a username may be overridden causing an allocated memory area the size of the domain name to be leaked. An attacker can leak memory via the main `gss_accept_sec_context` entry point, potentially causing a denial-of-service. This issue is fixed in version 1.2.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-mfm4-6g58-jw74 | x_refsource_CONFIRM | |
| https://github.com/gssapi/gss-ntlmssp/commit/8660fb16474054e692a596e9c79670cd4d3954f4 | x_refsource_MISC | |
| https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| gssapi | gss-ntlmssp |
Version: < 1.2.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:25:19.220Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-mfm4-6g58-jw74", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-mfm4-6g58-jw74", }, { name: "https://github.com/gssapi/gss-ntlmssp/commit/8660fb16474054e692a596e9c79670cd4d3954f4", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gssapi/gss-ntlmssp/commit/8660fb16474054e692a596e9c79670cd4d3954f4", }, { name: "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-25566", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-10T20:58:44.101141Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-10T21:11:49.420Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "gss-ntlmssp", vendor: "gssapi", versions: [ { status: "affected", version: "< 1.2.0", }, ], }, ], descriptions: [ { lang: "en", value: "GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, a memory leak can be triggered when parsing usernames which can trigger a denial-of-service. The domain portion of a username may be overridden causing an allocated memory area the size of the domain name to be leaked. An attacker can leak memory via the main `gss_accept_sec_context` entry point, potentially causing a denial-of-service. This issue is fixed in version 1.2.0.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-401", description: "CWE-401: Missing Release of Memory after Effective Lifetime", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-14T17:35:48.482Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-mfm4-6g58-jw74", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-mfm4-6g58-jw74", }, { name: "https://github.com/gssapi/gss-ntlmssp/commit/8660fb16474054e692a596e9c79670cd4d3954f4", tags: [ "x_refsource_MISC", ], url: "https://github.com/gssapi/gss-ntlmssp/commit/8660fb16474054e692a596e9c79670cd4d3954f4", }, { name: "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", tags: [ "x_refsource_MISC", ], url: "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", }, ], source: { advisory: "GHSA-mfm4-6g58-jw74", discovery: "UNKNOWN", }, title: "GSS-NTLMSSP vulnerable to memory leak when parsing usernames", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-25566", datePublished: "2023-02-14T17:35:48.482Z", dateReserved: "2023-02-07T17:10:00.737Z", dateUpdated: "2025-03-10T21:11:49.420Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-25565
Vulnerability from cvelistv5
Published
2023-02-14 17:35
Modified
2025-03-10 21:11
Severity ?
EPSS score ?
Summary
GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the `cb` and `sh` buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This will likely trigger an assertion failure in `free`, causing a denial-of-service. This issue is fixed in version 1.2.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-7q7f-wqcg-mvfg | x_refsource_CONFIRM | |
| https://github.com/gssapi/gss-ntlmssp/commit/c16100f60907a2de92bcb676f303b81facee0f64 | x_refsource_MISC | |
| https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| gssapi | gss-ntlmssp |
Version: < 1.2.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:25:19.244Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-7q7f-wqcg-mvfg", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-7q7f-wqcg-mvfg", }, { name: "https://github.com/gssapi/gss-ntlmssp/commit/c16100f60907a2de92bcb676f303b81facee0f64", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gssapi/gss-ntlmssp/commit/c16100f60907a2de92bcb676f303b81facee0f64", }, { name: "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-25565", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-10T20:58:47.173215Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-10T21:11:55.214Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "gss-ntlmssp", vendor: "gssapi", versions: [ { status: "affected", version: "< 1.2.0", }, ], }, ], descriptions: [ { lang: "en", value: "GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the `cb` and `sh` buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This will likely trigger an assertion failure in `free`, causing a denial-of-service. This issue is fixed in version 1.2.0.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-590", description: "CWE-590: Free of Memory not on the Heap", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-14T17:35:41.222Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-7q7f-wqcg-mvfg", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-7q7f-wqcg-mvfg", }, { name: "https://github.com/gssapi/gss-ntlmssp/commit/c16100f60907a2de92bcb676f303b81facee0f64", tags: [ "x_refsource_MISC", ], url: "https://github.com/gssapi/gss-ntlmssp/commit/c16100f60907a2de92bcb676f303b81facee0f64", }, { name: "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", tags: [ "x_refsource_MISC", ], url: "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", }, ], source: { advisory: "GHSA-7q7f-wqcg-mvfg", discovery: "UNKNOWN", }, title: "GSS-NTLMSSP vulnerable to incorrect free when decoding target information", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-25565", datePublished: "2023-02-14T17:35:41.222Z", dateReserved: "2023-02-07T17:10:00.737Z", dateUpdated: "2025-03-10T21:11:55.214Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-25563
Vulnerability from cvelistv5
Published
2023-02-14 17:35
Modified
2025-03-10 21:12
Severity ?
EPSS score ?
Summary
GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of consistency of length of internal buffers. Although most applications will error out before accepting a singe input buffer of 4GB in length this could theoretically happen. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point if the application allows tokens greater than 4GB in length. This can lead to a large, up to 65KB, out-of-bounds read which could cause a denial-of-service if it reads from unmapped memory. Version 1.2.0 contains a patch for the out-of-bounds reads.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-jjjx-5qf7-9mgf | x_refsource_CONFIRM | |
| https://github.com/gssapi/gss-ntlmssp/commit/97c62c6167299028d80765080e74d91dfc99efbd | x_refsource_MISC | |
| https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| gssapi | gss-ntlmssp |
Version: < 1.2.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:25:19.176Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-jjjx-5qf7-9mgf", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-jjjx-5qf7-9mgf", }, { name: "https://github.com/gssapi/gss-ntlmssp/commit/97c62c6167299028d80765080e74d91dfc99efbd", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gssapi/gss-ntlmssp/commit/97c62c6167299028d80765080e74d91dfc99efbd", }, { name: "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-25563", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-10T20:57:41.972079Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-10T21:12:07.826Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "gss-ntlmssp", vendor: "gssapi", versions: [ { status: "affected", version: "< 1.2.0", }, ], }, ], descriptions: [ { lang: "en", value: "GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of consistency of length of internal buffers. Although most applications will error out before accepting a singe input buffer of 4GB in length this could theoretically happen. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point if the application allows tokens greater than 4GB in length. This can lead to a large, up to 65KB, out-of-bounds read which could cause a denial-of-service if it reads from unmapped memory. Version 1.2.0 contains a patch for the out-of-bounds reads.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-14T17:35:08.172Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-jjjx-5qf7-9mgf", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-jjjx-5qf7-9mgf", }, { name: "https://github.com/gssapi/gss-ntlmssp/commit/97c62c6167299028d80765080e74d91dfc99efbd", tags: [ "x_refsource_MISC", ], url: "https://github.com/gssapi/gss-ntlmssp/commit/97c62c6167299028d80765080e74d91dfc99efbd", }, { name: "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", tags: [ "x_refsource_MISC", ], url: "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", }, ], source: { advisory: "GHSA-jjjx-5qf7-9mgf", discovery: "UNKNOWN", }, title: "GSS-NTLMSSP vulnerable to multiple out-of-bounds reads when decoding NTLM fields", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-25563", datePublished: "2023-02-14T17:35:08.172Z", dateReserved: "2023-02-07T17:10:00.735Z", dateUpdated: "2025-03-10T21:12:07.826Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-25564
Vulnerability from cvelistv5
Published
2023-02-14 17:35
Modified
2025-03-10 21:12
Severity ?
EPSS score ?
Summary
GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable `outlen` was not initialized and could cause writing a zero to an arbitrary place in memory if `ntlm_str_convert()` were to fail, which would leave `outlen` uninitialized. This can lead to a denial of service if the write hits unmapped memory or randomly corrupts a byte in the application memory space. This vulnerability can trigger an out-of-bounds write, leading to memory corruption. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This issue is fixed in version 1.2.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-r85x-q5px-9xfq | x_refsource_CONFIRM | |
| https://github.com/gssapi/gss-ntlmssp/commit/c753000eb31835c0664e528fbc99378ae0cbe950 | x_refsource_MISC | |
| https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| gssapi | gss-ntlmssp |
Version: < 1.2.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:25:19.239Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-r85x-q5px-9xfq", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-r85x-q5px-9xfq", }, { name: "https://github.com/gssapi/gss-ntlmssp/commit/c753000eb31835c0664e528fbc99378ae0cbe950", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gssapi/gss-ntlmssp/commit/c753000eb31835c0664e528fbc99378ae0cbe950", }, { name: "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-25564", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-10T20:57:39.173930Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-10T21:12:01.901Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "gss-ntlmssp", vendor: "gssapi", versions: [ { status: "affected", version: "< 1.2.0", }, ], }, ], descriptions: [ { lang: "en", value: "GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable `outlen` was not initialized and could cause writing a zero to an arbitrary place in memory if `ntlm_str_convert()` were to fail, which would leave `outlen` uninitialized. This can lead to a denial of service if the write hits unmapped memory or randomly corrupts a byte in the application memory space. This vulnerability can trigger an out-of-bounds write, leading to memory corruption. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This issue is fixed in version 1.2.0.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-14T17:35:26.294Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-r85x-q5px-9xfq", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-r85x-q5px-9xfq", }, { name: "https://github.com/gssapi/gss-ntlmssp/commit/c753000eb31835c0664e528fbc99378ae0cbe950", tags: [ "x_refsource_MISC", ], url: "https://github.com/gssapi/gss-ntlmssp/commit/c753000eb31835c0664e528fbc99378ae0cbe950", }, { name: "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", tags: [ "x_refsource_MISC", ], url: "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", }, ], source: { advisory: "GHSA-r85x-q5px-9xfq", discovery: "UNKNOWN", }, title: "GSS-NTLMSSP vulnerable to memory corruption when decoding UTF16 strings", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-25564", datePublished: "2023-02-14T17:35:26.294Z", dateReserved: "2023-02-07T17:10:00.735Z", dateUpdated: "2025-03-10T21:12:01.901Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }