GNU SASL
by GNU
Source repositories
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-48829 | Hig | 0.42 | 7.5 | 0.00 | May 24, 2026 | In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c. | ||
| CVE-2026-56968 | 0.00 | — | 0.00 | Jun 23, 2026 | GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server. | |||
| CVE-2022-2469 | Low | 0.00 | 3.8 | 0.01 | Jul 19, 2022 | GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client |
- risk 0.42cvss 7.5epss 0.00
In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c.
- CVE-2026-56968Jun 23, 2026risk 0.00cvss —epss 0.00
GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server.
- risk 0.00cvss 3.8epss 0.01
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client