41 matches found
CVE-2026-8925
CVE-2026-8925 affects curl with SASL authentication. The issue is a double-free: the GSASL context can be cleaned up twice without clearing the pointer, potentially freeing the same pointer twice. This vulnerability is present in curl versions prior to 8.21.0 (e.g., 8.15.0), and remote exploitati...
Linux Distros Unpatched Vulnerability : CVE-2026-56968
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU SASL before 2.2.4 lacks sanitization of a short challenge in gsaslntlmclientstep in the NTLM client, which could result in memory disclosure via a crafted...
UBUNTU-CVE-2026-8925
The curl logic that works with SASL authentication could end up cleaning up the GSASL context twice without clearing the pointer in between, making it free the same pointer twice...
CVE-2026-56968
GNU SASL before 2.2.4 lacks sanitization of a short challenge in gsaslntlmclientstep in the NTLM client, which could result in memory disclosure via a crafted server...
CVE-2026-56968
GNU SASL before 2.2.4 lacks sanitization of a short challenge in gsaslntlmclientstep in the NTLM client, which could result in memory disclosure via a crafted server...
CVE-2026-56968
CVE-2026-56968 affects GNU SASL versions prior to 2.2.4. The NTLM client’s short challenge in the function _gsasl_ntlm_client_step has inadequate sanitization, which can lead to memory disclosure when interacting with a crafted server. Public sources (SUSE, Debian OSV, Ubuntu/Ubuntu-related advis...
[SECURITY] [DSA 6348-1] gsasl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6348-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 16, 2026 https://www.debian.org/security/faq -...
[SECURITY] [DLA 4618-1] gsasl security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4618-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz June 05, 2026 https://wiki.debian.org/LTS -...
Ubuntu 24.04 LTS / 25.10 / 26.04 LTS : GNU SASL vulnerability (USN-8356-1)
The remote Ubuntu 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8356-1 advisory. It was discovered that GNU SASL did not properly handle certain DIGEST-MD5 tokens. An attacker could possibly use this issue to cause GNU SASL...
USN-8356-1 gsasl vulnerability
It was discovered that GNU SASL did not properly handle certain DIGEST-MD5 tokens. An attacker could possibly use this issue to cause GNU SASL to crash, resulting in a denial of service...
USN-8356-1: GNU SASL vulnerability
It was discovered that GNU SASL did not properly handle certain DIGEST-MD5 tokens. An attacker could possibly use this issue to cause GNU SASL to crash, resulting in a denial of service...
SUSE CVE-2026-48829
In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...
CVE-2026-48829
In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...
Linux Distros Unpatched Vulnerability : CVE-2026-48829
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This...
CVE-2026-48829
In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...
UBUNTU-CVE-2026-48829
In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...
CVE-2026-48829
In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...
EUVD-2026-31562
In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...
CVE-2026-48829
In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...
CVE-2026-48829
In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...