Ubuntu 24.04 LTS / 25.10 / 26.04 LTS : GNU SASL vulnerability (USN-8356-1)

The remote Ubuntu 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8356-1 advisory. It was discovered that GNU SASL did not properly handle certain DIGEST-MD5 tokens. An attacker could possibly use this issue to cause GNU SASL...

USN-8356-1 gsasl vulnerability

It was discovered that GNU SASL did not properly handle certain DIGEST-MD5 tokens. An attacker could possibly use this issue to cause GNU SASL to crash, resulting in a denial of service...

SUSE CVE-2026-48829

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...

CVE-2026-48829

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...

Linux Distros Unpatched Vulnerability : CVE-2026-48829

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This...

UBUNTU-CVE-2026-48829

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...

CVE-2026-48829

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...

CVE-2026-48829

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...

CVE-2026-48829

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...

CVE-2026-48829

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...

EUVD-2026-31562

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...

CVE-2026-48829

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...

CVE-2026-48829

Technical details (affected product/versions, root cause, impact, fixes) are not publicly available in the provided documents. Monitor for updates.

PT-2026-42903

Name of the Vulnerable Software and Affected Versions GNU SASL versions prior to 2.2.3 Description DIGEST-MD5 contains a NULL pointer dereference affecting both clients and servers. This issue occurs in the file lib/digest-md5/getsubopt.c when a known token is provided without an accompanying =...

GNU SASL 代码问题漏洞

GNU SASL is a simple authentication and security layer framework from the GNU community in the United States, which implements several common SASL mechanisms. Versions of GNU SASL prior to 2.2.3 had code vulnerabilities; these vulnerabilities stemmed from a null pointer dereferencing in the...

OESA-2026-2423 perl-Authen-SASL security update

Authen::SASL::Perl is the pure Perl implementation of SASL mechanisms in the Authen::SASL framework, At the time of this writing it provides the client part implementation for the following SASL mechanisms. Security Fixes: Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl...

[SECURITY] [DSA 6271-1] gsasl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6271-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 14, 2026 https://www.debian.org/security/faq -...

Debian dsa-6271 : gsasl - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6271 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6271-1 [email protected] https://www.debian.org/security/...

[SECURITY] Fedora 44 Update: libgsasl-1.10.0-15.fc44

The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms...

[SECURITY] Fedora 42 Update: libgsasl-1.10.0-15.fc42

The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms...