VYPR

rpm package

suse/gssntlmssp&distro=SUSE Package Hub 15 SP4

pkg:rpm/suse/gssntlmssp&distro=SUSE%20Package%20Hub%2015%20SP4

Vulnerabilities (5)

  • CVE-2023-25567Feb 14, 2023
    affected < 1.2.0-bp154.2.3.1fixed 1.2.0-bp154.2.3.1

    GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the `av_pair` is not checked properly for two of the elements which can trigger an out-of-bo

  • CVE-2023-25566Feb 14, 2023
    affected < 1.2.0-bp154.2.3.1fixed 1.2.0-bp154.2.3.1

    GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, a memory leak can be triggered when parsing usernames which can trigger a denial-of-service. The domain portion of a username may be overridden causing an allocate

  • CVE-2023-25565Feb 14, 2023
    affected < 1.2.0-bp154.2.3.1fixed 1.2.0-bp154.2.3.1

    GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the `cb` and `sh` buffers contain a cop

  • CVE-2023-25564Feb 14, 2023
    affected < 1.2.0-bp154.2.3.1fixed 1.2.0-bp154.2.3.1

    GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable `outlen` was not initialized and could cause writing a zero to an arbitrary place in m

  • CVE-2023-25563Feb 14, 2023
    affected < 1.2.0-bp154.2.3.1fixed 1.2.0-bp154.2.3.1

    GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of consist