Lucene search
+L

11 matches found

CBLMariner
CBLMariner
added 2025/05/15 9:13 p.m.7 views

CVE-2023-25564 affecting package gssntlmssp for versions less than 1.3.1-1

CVE-2023-25564 affecting package gssntlmssp for versions less than 1.3.1-1. An upgraded version of the package is available that resolves this issue...

8.2CVSS6.9AI score0.01942EPSS
Exploits0
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.15 views

openSUSE: Security Advisory for gssntlmssp (openSUSE-SU-2023:0048-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS6.8AI score0.01942EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2023/05/24 12:0 a.m.13 views

gssntlmssp security update

1.2.0-1 - New release 1.2.0 - Fix CVE-2023-25563: multiple out-of-bounds read when decoding NTLM fields - Fix CVE-2023-25564: memory corruption when decoding UTF16 strings - Fix CVE-2023-25565: incorrect free when decoding target information - Fix CVE-2023-25566: memory leak when parsing username...

8.2CVSS7.3AI score0.01942EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/05/24 12:0 a.m.30 views

Oracle Linux 8 : gssntlmssp (ELSA-2023-3097)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-3097 advisory. - Fix CVE-2023-25563: multiple out-of-bounds read when decoding NTLM fields - Fix CVE-2023-25564: memory corruption when decoding UTF16 strings - Fix...

8.2CVSS7.7AI score0.01942EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/05/19 12:0 a.m.26 views

AlmaLinux 8 : gssntlmssp (ALSA-2023:3097)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:3097 advisory. - GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when...

8.2CVSS8AI score0.01942EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/05/16 10:7 a.m.17 views

Moderate: Red Hat Security Advisory: gssntlmssp security update

An update for gssntlmssp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

8.2CVSS7.2AI score0.01942EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2023/02/23 12:0 a.m.9 views

Fedora: Security Advisory for gssntlmssp (FEDORA-2023-cb63c0f615)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.2CVSS7.7AI score0.01942EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/02/22 12:0 a.m.25 views

Fedora 37 : gssntlmssp (2023-cb63c0f615)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-cb63c0f615 advisory. Patched several CVEs reported by GitHub Security Lab CVE-2023-25563 CVE-2023-25564 CVE-2023-25565 CVE-2023-25566 CVE-2023-25567 Tenable has extracte...

8.2CVSS7.6AI score0.01942EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/02/19 12:0 a.m.16 views

openSUSE 15 Security Update : gssntlmssp (openSUSE-SU-2023:0048-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0048-1 advisory. - GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds rea...

8.2CVSS8AI score0.01942EPSS
Exploits0References16
CVE
CVE
added 2023/02/14 5:35 p.m.83 views

CVE-2023-25564

The CVE-2023-25564 issue affects GSS-NTLMSSP (NTLM support for GSSAPI). Before version 1.2.0, decoding UTF-16 strings could leave outlen uninitialized, causing a potential out-of-bounds write and memory corruption that may trigger a denial of service via gss_accept_sec_context. The advisory state...

8.2CVSS7.2AI score0.01942EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/14 5:35 p.m.7 views

CVE-2023-25564 GSS-NTLMSSP vulnerable to memory corruption when decoding UTF16 strings

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable outlen was not initialized and could cause writing a zero to an arbitrary place in memory if...

6.5CVSS7.4AI score0.01942EPSS
Exploits0References3
Rows per page
Query Builder