CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
EPSS
Percentile
45.8%
GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements
NTLM authentication. Prior to version 1.2.0, memory corruption can be
triggered when decoding UTF16 strings. The variable outlen
was not
initialized and could cause writing a zero to an arbitrary place in memory
if ntlm_str_convert()
were to fail, which would leave outlen
uninitialized. This can lead to a denial of service if the write hits
unmapped memory or randomly corrupts a byte in the application memory
space. This vulnerability can trigger an out-of-bounds write, leading to
memory corruption. This vulnerability can be triggered via the main
gss_accept_sec_context
entry point. This issue is fixed in version 1.2.0.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | gss-ntlmssp | < any | UNKNOWN |
ubuntu | 20.04 | noarch | gss-ntlmssp | < any | UNKNOWN |
ubuntu | 22.04 | noarch | gss-ntlmssp | < any | UNKNOWN |
ubuntu | 24.04 | noarch | gss-ntlmssp | < any | UNKNOWN |
ubuntu | 16.04 | noarch | gss-ntlmssp | < any | UNKNOWN |
github.com/gssapi/gss-ntlmssp/commit/c753000eb31835c0664e528fbc99378ae0cbe950 (v1.2.0)
github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-r85x-q5px-9xfq
launchpad.net/bugs/cve/CVE-2023-25564
nvd.nist.gov/vuln/detail/CVE-2023-25564
security-tracker.debian.org/tracker/CVE-2023-25564
www.cve.org/CVERecord?id=CVE-2023-25564