VYPR

Gss Ntlmssp

by Gss

CVEs (5)

  • CVE-2023-25567Feb 14, 2023
    risk 0.00cvss epss 0.01

    GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the `av_pair` is not checked properly for two of the elements which can trigger an…

  • CVE-2023-25566Feb 14, 2023
    risk 0.00cvss epss 0.01

    GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, a memory leak can be triggered when parsing usernames which can trigger a denial-of-service. The domain portion of a username may be overridden causing an…

  • CVE-2023-25565Feb 14, 2023
    risk 0.00cvss epss 0.01

    GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the `cb` and `sh` buffers contain a…

  • CVE-2023-25564Feb 14, 2023
    risk 0.00cvss epss 0.02

    GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable `outlen` was not initialized and could cause writing a zero to an arbitrary place in…

  • CVE-2023-25563Feb 14, 2023
    risk 0.00cvss epss 0.01

    GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of…