Unrated severityNVD Advisory· Published Feb 14, 2023· Updated Mar 10, 2025
GSS-NTLMSSP vulnerable to out-of-bounds read when decoding target information
CVE-2023-25567
Description
GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the av_pair is not checked properly for two of the elements which can trigger an out-of-bound read. The out-of-bounds read can be triggered via the main gss_accept_sec_context entry point and could cause a denial-of-service if the memory is unmapped. The issue is fixed in version 1.2.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5<1.2.0+ 1 more
- (no CPE)range: <1.2.0
- (no CPE)range: < 1.2.0
- osv-coords3 versionspkg:rpm/almalinux/gssntlmssppkg:rpm/opensuse/gssntlmssp&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/gssntlmssp&distro=SUSE%20Package%20Hub%2015%20SP4
< 1.2.0-1.el8_8+ 2 more
- (no CPE)range: < 1.2.0-1.el8_8
- (no CPE)range: < 1.2.0-bp154.2.3.1
- (no CPE)range: < 1.2.0-bp154.2.3.1
Patches
Vulnerability mechanics
References
3- github.com/gssapi/gss-ntlmssp/commit/025fbb756d44ffee8f847db4222ed6aa4bd1fbe4mitrex_refsource_MISC
- github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0mitrex_refsource_MISC
- github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-24pf-6prf-24chmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.