Lucene search
Veracode Vulnerability DatabaseVERACODE:39715HistoryMar 12, 2023 - 8:16 p.m.
Denial Of Service (DoS)
2023-03-1220:16:59
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
gss-ntlmssp
denial of service
memory corruption
utf16 strings
uninitialized variable
application memory.
EPSS
0.001
Percentile
45.8%
gss-ntlmssp is vulnerable to Denial of Service (DoS) attacks. Memory corruption can be triggered when decoding UTF16 strings if the variable ‘outlen’ is not initialized. This can lead to a denial of service if the write hits unmapped memory or randomly corrupts a byte in the application memory space. This vulnerability can be triggered via the main gss_accept_sec_context entry point.
Related
nvd
nvd
CVE-2023-25564
2023-02-14 18:15:13
cve
cve
CVE-2023-25564
2023-02-14 18:15:13
prion
prion
Memory corruption
2023-02-14 18:15:00
cvelist
cvelist
debiancve
debiancve
CVE-2023-25564
2023-02-14 18:15:13
redhatcve
redhatcve
CVE-2023-25564
2023-02-21 08:59:15
osv
osv
CVE-2023-25564
2023-02-14 18:15:13
Moderate: gssntlmssp security update
2023-05-16 00:00:00
ubuntucve
ubuntucve
CVE-2023-25564
2023-02-14 00:00:00
oraclelinux
oraclelinux
gssntlmssp security update
2023-05-24 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0108)
2023-03-28 00:00:00
Fedora: Security Advisory for gssntlmssp (FEDORA-2023-cb63c0f615)
2023-02-23 00:00:00
openSUSE: Security Advisory for gssntlmssp (openSUSE-SU-2023:0048-1)
2024-03-04 00:00:00
mageia
mageia
Updated gssntlmssp packages fix security vulnerability
2023-03-24 08:55:49
nessus
nessus
Oracle Linux 8 : gssntlmssp (ELSA-2023-3097)
2023-05-24 00:00:00
Fedora 37 : gssntlmssp (2023-cb63c0f615)
2023-02-22 00:00:00
AlmaLinux 8 : gssntlmssp (ALSA-2023:3097)
2023-05-19 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: gssntlmssp-1.2.0-1.fc37
2023-02-22 10:15:16
redhat
redhat
(RHSA-2023:3097) Moderate: gssntlmssp security update
2023-05-16 09:15:20
almalinux
almalinux
Moderate: gssntlmssp security update
2023-05-16 00:00:00