PT-2024-24940 · Vitess · Vitess

Name of the Vulnerable Software and Affected Versions: Vitess versions prior to 17.0.7 Vitess versions prior to 18.0.5 Vitess versions prior to 19.0.4 Description: The issue arises when executing a specific query, causing the vtgate to enter an endless loop and consume increasing amounts of memor...

gssntlmssp: memory corruption when decoding UTF16 strings

A flaw was found in GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication. Memory corruption can be triggered when decoding UTF16 strings. The variable outlen was not initialized and could cause writing a zero to an arbitrary place in memory if the ntlmstrconve...

DEBIAN-CVE-2023-25564

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable outlen was not initialized and could cause writing a zero to an arbitrary place in memory if...

AZL-45234 CVE-2023-25564 affecting package gssntlmssp for versions less than 1.3.1-1

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable outlen was not initialized and could cause writing a zero to an arbitrary place in memory if...