211 matches found
Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2026-1755)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1755 advisory. Fix GSS-API resource leak CVE-2026-3039 Limit resolver server list size CVE-2026-3592 An unauthenticated remote attacker can crash any affected named instance with a single crafted DNS message...
USN-8293-1: Bind vulnerabilities
Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote attacker could possibly use this issue to cause Bind to use excessive resources, leading to a denial of service. CVE-2026-3039 Shuhan Zhang discovered that Bind incorrectly handled self-pointed...
USN-8293-1 bind9 vulnerabilities
Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote attacker could possibly use this issue to cause Bind to use excessive resources, leading to a denial of service. CVE-2026-3039 Shuhan Zhang discovered that Bind incorrectly handled self-pointed...
CVE-2026-3039
BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...
CVE-2026-3039 BIND 9 server memory exhaustion during GSS-API TKEY negotiation
BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...
BIT-POSTGRESQL-2026-6479 PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion
Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....
curl: CVE-2026-8458: wrong reuse for different services
Summary: I found an incomplete-fix variant of CVE-2026-5545 in curl/libcurl 8.20.0. libcurl 8.20.0 still wrongly reuses an HTTP Negotiate-authenticated connection for a later request to the same host even when the requested service principal changes via CURLOPTSERVICENAME / --service-name. In my...
CVE-2026-6691
The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...
CVE-2026-40355
CVE-2026-40355 affects MIT Kerberos 5 (krb5) before 1.22.3. The issue is a NULL pointer dereference in NegoEx parsing when an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing th...
JLSEC-2026-48
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...
CLSA-2026-1774366569 Fix CVE(s): CVE-2026-3497
SECURITY UPDATE: pre-auth crash via GSSAPI key exchange - debian/patches/CVE-2026-3497.patch: replace sshpktdisconnect with sshpacketdisconnect and initialize gssbufferdesc variables in kexgssc.c, kexgsss.c. - CVE-2026-3497...
GHSA-CP6G-7HQX-QXHP mongo-go-driver has Heap Out-of-Bounds Read in GSSAPI Error Handling
The mongo-go-driver repository contains CGo bindings for GSSAPI Kerberos authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incorrect assumptions about string termination in the GSSAPI standard. Since GSSAPI buffers are not...
SUSE CVE-2025-58181
SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption...
EUVD-2005-1127
Malware in sbrugna...
EUVD-2010-1350
Malware in sbrugna...
EUVD-2010-0659
Malware in sbrugna...
EUVD-2022-34729
Malicious code in bioql PyPI...
curl: Race condition on global `gss_context` during SOCKS5 GSS-API negotiation in libcurl
Summary: Concurrent SOCKS5 GSS-API authentications share a file-scope global gsscontext without synchronization, causing data races and undefined behavior. - Global context defined at: 52:54:curl/lib/socksgssapi.c static gssctxidt gsscontext = GSSCNOCONTEXT; - Passed by address into the GSS init...
Linux Distros Unpatched Vulnerability : CVE-2022-2469
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client CVE-2022-2469 Note that Nessus relies on the presence of the packag...
Linux Distros Unpatched Vulnerability : CVE-2011-1526
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications aka krb5-appl 1.0.1 and earlier does not check the krb5setegid return value, which allow...