gss-ntlmssp is vulnerable to Denial of Service (DoS) attacks. Multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service due to a 32-bit integer overflow condition and incorrect checks of consistency of length of internal buffers. This vulnerability can be triggered via the main gss_accept_sec_context
entry point if the application allows tokens greater than 4GB in length.