3 matches found
Moderate: gssntlmssp security update
The gssntlmssp is a GSSAPI NTLM mechanism that allows to perform NTLM authentication in GSSAPI programs. Security Fixes: gssntlmssp: multiple out-of-bounds read when decoding NTLM fields CVE-2023-25563 gssntlmssp: memory corruption when decoding UTF16 strings CVE-2023-25564 gssntlmssp: incorrect...
Updated gssntlmssp packages fix security vulnerability
Multiple out-of-bounds read when decoding NTLM fields. CVE-2023-25563 Memory corruption when decoding UTF16 strings. CVE-2023-25564 Incorrect free when decoding target information. CVE-2023-25565 Memory leak when parsing usernames. CVE-2023-25566 Out-of-bounds read when decoding target informatio...
Denial Of Service (DoS)
gss-ntlmssp is vulnerable to Denial Of Service DoS. The vulnerability exists because of a memory leak when parsing usernames to the domain portion of a username, which overrides the allocated memory area of the size of the domain name via the main gssacceptseccontext entry point, leading to an...