Lucene search
K

56 matches found

OSV
OSV
added 2025/12/01 1:2 p.m.4 views

ROOT-OS-UBUNTU-2204-CVE-2023-25563 CVE-2023-25563 in rootio-gss-ntlmssp - Patched by Root

Root has patched CVE-2023-25563 in the rootio-gss-ntlmssp package for Root:Ubuntu:22.04. Multiple fixed versions available...

7.5CVSS5.4AI score0.01091EPSS
Exploits0
OSV
OSV
added 2025/11/28 9:43 a.m.3 views

ROOT-OS-UBUNTU-2204-CVE-2023-25565 CVE-2023-25565 in rootio-gss-ntlmssp - Patched by Root

Root has patched CVE-2023-25565 in the rootio-gss-ntlmssp package for Root:Ubuntu:22.04. Multiple fixed versions available...

7.5CVSS5.4AI score0.01103EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/06/25 12:0 a.m.5 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : GSS NTLMSSP vulnerabilities (USN-7588-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7588-1 advisory. Phil Turnbull discovered that GSS NTLMSSP may perform out-of-bounds reads when decoding NTLM fields and target...

8.2CVSS7.5AI score0.01942EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2025/06/24 12:0 a.m.4 views

Ubuntu: Security Advisory (USN-7588-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS8.1AI score0.01942EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2025/06/23 9:59 a.m.5 views

USN-7588-1: GSS NTLMSSP vulnerabilities

Phil Turnbull discovered that GSS NTLMSSP may perform out-of-bounds reads when decoding NTLM fields and target information. An attacker could possibly use this issue to cause GSS NTLMSSP to crash, resulting in a denial of service. CVE-2023-25563, CVE-2023-25567 Phil Turnbull discovered that GSS...

8.2CVSS7.4AI score0.01942EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.7 views

TencentOS Server 3: gssntlmssp (TSSA-2023:0084)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0084 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

8.2CVSS7.7AI score0.01942EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-25567

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of- bounds read when decoding target information prior to...

7.5CVSS7.2AI score0.01103EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2023-25565

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target...

7.5CVSS7.2AI score0.01103EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/05/24 12:0 a.m.30 views

Oracle Linux 8 : gssntlmssp (ELSA-2023-3097)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-3097 advisory. - Fix CVE-2023-25563: multiple out-of-bounds read when decoding NTLM fields - Fix CVE-2023-25564: memory corruption when decoding UTF16 strings - Fix...

8.2CVSS7.7AI score0.01942EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/05/19 12:0 a.m.26 views

AlmaLinux 8 : gssntlmssp (ALSA-2023:3097)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:3097 advisory. - GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when...

8.2CVSS8AI score0.01942EPSS
Exploits0References6
Veracode
Veracode
added 2023/03/12 8:17 p.m.8 views

Denial Of Service (DoS)

gss-ntlmssp is vulnerable to Denial Of Service DoS. The vulnerability exists because of the incorrect free when decoding target information, which leads to an application crash via the main gssacceptseccontext entry point...

7.5CVSS7.6AI score0.01103EPSS
Exploits0References4Affected Software2
Veracode
Veracode
added 2023/03/12 8:17 p.m.14 views

Denial Of Service (DoS)

gss-ntlmssp is vulnerable to Denial of Service DoS attacks. Multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service due to a 32-bit integer overflow condition and incorrect checks of consistency of length of internal buffers. This vulnerability can be triggered via...

7.5CVSS7.5AI score0.01091EPSS
Exploits0References4Affected Software2
Veracode
Veracode
added 2023/03/12 8:17 p.m.15 views

Denial Of Service (DoS)

gss-ntlmssp is vulnerable to Denial Of Service DoS. The vulnerability exists because of a memory leak when parsing usernames to the domain portion of a username, which overrides the allocated memory area of the size of the domain name via the main gssacceptseccontext entry point, leading to an...

7.5CVSS7.4AI score0.01103EPSS
Exploits0References4Affected Software2
Veracode
Veracode
added 2023/03/12 8:16 p.m.16 views

Denial Of Service (DoS)

gss-ntlmssp is vulnerable to Denial of Service DoS attacks. Memory corruption can be triggered when decoding UTF16 strings if the variable 'outlen' is not initialized. This can lead to a denial of service if the write hits unmapped memory or randomly corrupts a byte in the application memory spac...

8.2CVSS7.9AI score0.01942EPSS
Exploits0References4Affected Software2
Veracode
Veracode
added 2023/03/12 8:8 p.m.8 views

Denial Of Service (DoS)

gss-ntlmssp is vulnerable to Denial of Service DoS attacks. The length of the avpair is not checked properly for two elements, which can trigger an out-of-bounds read and cause a denial-of-service if memory is unmapped...

7.5CVSS7.3AI score0.01103EPSS
Exploits0References4Affected Software2
Tenable Nessus
Tenable Nessus
added 2023/02/22 12:0 a.m.25 views

Fedora 37 : gssntlmssp (2023-cb63c0f615)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-cb63c0f615 advisory. Patched several CVEs reported by GitHub Security Lab CVE-2023-25563 CVE-2023-25564 CVE-2023-25565 CVE-2023-25566 CVE-2023-25567 Tenable has extracte...

8.2CVSS7.6AI score0.01942EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2023/02/21 8:59 a.m.20 views

CVE-2023-25566

A flaw was found in GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication. A memory leak can be triggered when parsing usernames, triggering a denial of service. The domain portion of a username may be overridden, causing an allocated memory area the size of th...

7.5CVSS7.2AI score0.01103EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/02/21 8:59 a.m.18 views

CVE-2023-25567

A flaw was found in GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication. It has an out-of-bounds read when decoding target information. The length of the avpair is not checked properly for two of the elements, which can trigger an out-of-bounds read via the...

7.5CVSS7.2AI score0.01103EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/02/21 8:59 a.m.17 views

CVE-2023-25565

A flaw was found in GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication. An incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the cb and sh buffers contain a copy of the data that needs to...

7.5CVSS7.3AI score0.01103EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/02/21 8:59 a.m.20 views

CVE-2023-25563

A flaw was found in GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication. Multiple out-of-bounds reads occur when decoding NTLM fields and can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of the consistency of t...

7.5CVSS7.5AI score0.01091EPSS
Exploits0References4
Rows per page
Query Builder