Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-25566

Опубликовано: 14 фев. 2023
Источник: redhat
CVSS3: 7.5

Описание

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, a memory leak can be triggered when parsing usernames which can trigger a denial-of-service. The domain portion of a username may be overridden causing an allocated memory area the size of the domain name to be leaked. An attacker can leak memory via the main gss_accept_sec_context entry point, potentially causing a denial-of-service. This issue is fixed in version 1.2.0.

A flaw was found in GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication. A memory leak can be triggered when parsing usernames, triggering a denial of service. The domain portion of a username may be overridden, causing an allocated memory area the size of the domain name to be leaked. This flaw allows an attacker to leak memory via the main gss_accept_sec_context entry point, potentially causing a denial of service.

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-401
https://bugzilla.redhat.com/show_bug.cgi?id=2172022gssntlmssp: memory leak when parsing usernames

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-25566

CVSS3: 7.5
ubuntu
почти 3 года назад

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, a memory leak can be triggered when parsing usernames which can trigger a denial-of-service. The domain portion of a username may be overridden causing an allocated memory area the size of the domain name to be leaked. An attacker can leak memory via the main `gss_accept_sec_context` entry point, potentially causing a denial-of-service. This issue is fixed in version 1.2.0.

nvd логотип

CVE-2023-25566

CVSS3: 7.5
nvd
почти 3 года назад

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, a memory leak can be triggered when parsing usernames which can trigger a denial-of-service. The domain portion of a username may be overridden causing an allocated memory area the size of the domain name to be leaked. An attacker can leak memory via the main `gss_accept_sec_context` entry point, potentially causing a denial-of-service. This issue is fixed in version 1.2.0.

msrc логотип

CVE-2023-25566

CVSS3: 7.5
msrc
11 месяцев назад

Описание отсутствует

debian логотип

CVE-2023-25566

CVSS3: 7.5
debian
почти 3 года назад

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...

fstec логотип

BDU:2025-12445

CVSS3: 7.5
fstec
почти 3 года назад

Уязвимость плагина GSS-NTLMSSP библиотеки GSSAPI, позволяющая нарушителю вызвать отказ в обслуживании

7.5 High

CVSS3