Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-25565

Опубликовано: 14 фев. 2023
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the cb and sh buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main gss_accept_sec_context entry point. This will likely trigger an assertion failure in free, causing a denial-of-service. This issue is fixed in version 1.2.0.

A flaw was found in GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication. An incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the cb and sh buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main gss_accept_sec_context entry point. This issue will likely trigger an assertion failure in free, causing a denial of service.

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-590
https://bugzilla.redhat.com/show_bug.cgi?id=2172021gssntlmssp: incorrect free when decoding target information

EPSS

Процентиль: 22%
0.00069
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-25565

CVSS3: 7.5
ubuntu
больше 2 лет назад

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the `cb` and `sh` buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This will likely trigger an assertion failure in `free`, causing a denial-of-service. This issue is fixed in version 1.2.0.

nvd логотип

CVE-2023-25565

CVSS3: 7.5
nvd
больше 2 лет назад

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the `cb` and `sh` buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This will likely trigger an assertion failure in `free`, causing a denial-of-service. This issue is fixed in version 1.2.0.

msrc логотип

CVE-2023-25565

CVSS3: 7.5
msrc
6 месяцев назад

Описание отсутствует

debian логотип

CVE-2023-25565

CVSS3: 7.5
debian
больше 2 лет назад

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...

suse-cvrf логотип

openSUSE-SU-2023:0048-1

suse-cvrf
больше 2 лет назад

Security update for gssntlmssp

EPSS

Процентиль: 22%
0.00069
Низкий

7.5 High

CVSS3