MiracleLinux 8 : gssntlmssp-1.2.0-1.el8.ML.1 (AXSA:2023-6149:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6149:01 advisory. gssntlmssp: multiple out-of-bounds read when decoding NTLM fields CVE-2023-25563 gssntlmssp: memory corruption when decoding UTF16 strings...

GSS-NTLMSSP vulnerable to multiple out-of-bounds reads when decoding NTLM fields

...

openSUSE: Security Advisory for gssntlmssp (openSUSE-SU-2023:0048-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated gssntlmssp packages fix security vulnerability

Multiple out-of-bounds read when decoding NTLM fields. CVE-2023-25563 Memory corruption when decoding UTF16 strings. CVE-2023-25564 Incorrect free when decoding target information. CVE-2023-25565 Memory leak when parsing usernames. CVE-2023-25566 Out-of-bounds read when decoding target informatio...

Denial Of Service (DoS)

gss-ntlmssp is vulnerable to Denial of Service DoS attacks. Multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service due to a 32-bit integer overflow condition and incorrect checks of consistency of length of internal buffers. This vulnerability can be triggered via...