GNU SASL

CVEs (2)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2026-48829	GNU GNU SASL	Hig	0.42	7.5	0.00		May 24, 2026	In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c.
CVE-2022-2469	GNU GNU SASL		0.00	—	0.00		Jul 19, 2022	GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client

CVE-2026-48829HigMay 24, 2026
GNU
GNU SASL
risk 0.42cvss 7.5epss 0.00
In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c.
CVE-2022-2469Jul 19, 2022
GNU
GNU SASL
risk 0.00cvss —epss 0.00
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client