All the vulnerabilites related to gssapi - gss-ntlmssp
cve-2023-25567
Vulnerability from cvelistv5
Published
2023-02-14 17:35
Modified
2024-08-02 11:25
Severity ?
EPSS score ?
Summary
GSS-NTLMSSP vulnerable to out-of-bounds read when decoding target information
References
▼ | URL | Tags |
---|---|---|
https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-24pf-6prf-24ch | x_refsource_CONFIRM | |
https://github.com/gssapi/gss-ntlmssp/commit/025fbb756d44ffee8f847db4222ed6aa4bd1fbe4 | x_refsource_MISC | |
https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
gssapi | gss-ntlmssp |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:25:19.291Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-24pf-6prf-24ch", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-24pf-6prf-24ch" }, { "name": "https://github.com/gssapi/gss-ntlmssp/commit/025fbb756d44ffee8f847db4222ed6aa4bd1fbe4", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/gssapi/gss-ntlmssp/commit/025fbb756d44ffee8f847db4222ed6aa4bd1fbe4" }, { "name": "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "gss-ntlmssp", "vendor": "gssapi", "versions": [ { "status": "affected", "version": "\u003c 1.2.0" } ] } ], "descriptions": [ { "lang": "en", "value": "GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the `av_pair` is not checked properly for two of the elements which can trigger an out-of-bound read. The out-of-bounds read can be triggered via the main `gss_accept_sec_context` entry point and could cause a denial-of-service if the memory is unmapped. The issue is fixed in version 1.2.0." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-14T17:35:59.571Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-24pf-6prf-24ch", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-24pf-6prf-24ch" }, { "name": "https://github.com/gssapi/gss-ntlmssp/commit/025fbb756d44ffee8f847db4222ed6aa4bd1fbe4", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/gssapi/gss-ntlmssp/commit/025fbb756d44ffee8f847db4222ed6aa4bd1fbe4" }, { "name": "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0" } ], "source": { "advisory": "GHSA-24pf-6prf-24ch", "discovery": "UNKNOWN" }, "title": "GSS-NTLMSSP vulnerable to out-of-bounds read when decoding target information" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-25567", "datePublished": "2023-02-14T17:35:59.571Z", "dateReserved": "2023-02-07T17:10:00.738Z", "dateUpdated": "2024-08-02T11:25:19.291Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25564
Vulnerability from cvelistv5
Published
2023-02-14 17:35
Modified
2024-08-02 11:25
Severity ?
EPSS score ?
Summary
GSS-NTLMSSP vulnerable to memory corruption when decoding UTF16 strings
References
▼ | URL | Tags |
---|---|---|
https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-r85x-q5px-9xfq | x_refsource_CONFIRM | |
https://github.com/gssapi/gss-ntlmssp/commit/c753000eb31835c0664e528fbc99378ae0cbe950 | x_refsource_MISC | |
https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
gssapi | gss-ntlmssp |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:25:19.239Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-r85x-q5px-9xfq", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-r85x-q5px-9xfq" }, { "name": "https://github.com/gssapi/gss-ntlmssp/commit/c753000eb31835c0664e528fbc99378ae0cbe950", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/gssapi/gss-ntlmssp/commit/c753000eb31835c0664e528fbc99378ae0cbe950" }, { "name": "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "gss-ntlmssp", "vendor": "gssapi", "versions": [ { "status": "affected", "version": "\u003c 1.2.0" } ] } ], "descriptions": [ { "lang": "en", "value": "GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable `outlen` was not initialized and could cause writing a zero to an arbitrary place in memory if `ntlm_str_convert()` were to fail, which would leave `outlen` uninitialized. This can lead to a denial of service if the write hits unmapped memory or randomly corrupts a byte in the application memory space. This vulnerability can trigger an out-of-bounds write, leading to memory corruption. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This issue is fixed in version 1.2.0." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-14T17:35:26.294Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-r85x-q5px-9xfq", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-r85x-q5px-9xfq" }, { "name": "https://github.com/gssapi/gss-ntlmssp/commit/c753000eb31835c0664e528fbc99378ae0cbe950", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/gssapi/gss-ntlmssp/commit/c753000eb31835c0664e528fbc99378ae0cbe950" }, { "name": "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0" } ], "source": { "advisory": "GHSA-r85x-q5px-9xfq", "discovery": "UNKNOWN" }, "title": "GSS-NTLMSSP vulnerable to memory corruption when decoding UTF16 strings" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-25564", "datePublished": "2023-02-14T17:35:26.294Z", "dateReserved": "2023-02-07T17:10:00.735Z", "dateUpdated": "2024-08-02T11:25:19.239Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25565
Vulnerability from cvelistv5
Published
2023-02-14 17:35
Modified
2024-08-02 11:25
Severity ?
EPSS score ?
Summary
GSS-NTLMSSP vulnerable to incorrect free when decoding target information
References
▼ | URL | Tags |
---|---|---|
https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-7q7f-wqcg-mvfg | x_refsource_CONFIRM | |
https://github.com/gssapi/gss-ntlmssp/commit/c16100f60907a2de92bcb676f303b81facee0f64 | x_refsource_MISC | |
https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
gssapi | gss-ntlmssp |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:25:19.244Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-7q7f-wqcg-mvfg", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-7q7f-wqcg-mvfg" }, { "name": "https://github.com/gssapi/gss-ntlmssp/commit/c16100f60907a2de92bcb676f303b81facee0f64", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/gssapi/gss-ntlmssp/commit/c16100f60907a2de92bcb676f303b81facee0f64" }, { "name": "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "gss-ntlmssp", "vendor": "gssapi", "versions": [ { "status": "affected", "version": "\u003c 1.2.0" } ] } ], "descriptions": [ { "lang": "en", "value": "GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the `cb` and `sh` buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This will likely trigger an assertion failure in `free`, causing a denial-of-service. This issue is fixed in version 1.2.0." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-590", "description": "CWE-590: Free of Memory not on the Heap", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-14T17:35:41.222Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-7q7f-wqcg-mvfg", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-7q7f-wqcg-mvfg" }, { "name": "https://github.com/gssapi/gss-ntlmssp/commit/c16100f60907a2de92bcb676f303b81facee0f64", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/gssapi/gss-ntlmssp/commit/c16100f60907a2de92bcb676f303b81facee0f64" }, { "name": "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0" } ], "source": { "advisory": "GHSA-7q7f-wqcg-mvfg", "discovery": "UNKNOWN" }, "title": "GSS-NTLMSSP vulnerable to incorrect free when decoding target information" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-25565", "datePublished": "2023-02-14T17:35:41.222Z", "dateReserved": "2023-02-07T17:10:00.737Z", "dateUpdated": "2024-08-02T11:25:19.244Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25563
Vulnerability from cvelistv5
Published
2023-02-14 17:35
Modified
2024-08-02 11:25
Severity ?
EPSS score ?
Summary
GSS-NTLMSSP vulnerable to multiple out-of-bounds reads when decoding NTLM fields
References
▼ | URL | Tags |
---|---|---|
https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-jjjx-5qf7-9mgf | x_refsource_CONFIRM | |
https://github.com/gssapi/gss-ntlmssp/commit/97c62c6167299028d80765080e74d91dfc99efbd | x_refsource_MISC | |
https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
gssapi | gss-ntlmssp |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:25:19.176Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-jjjx-5qf7-9mgf", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-jjjx-5qf7-9mgf" }, { "name": "https://github.com/gssapi/gss-ntlmssp/commit/97c62c6167299028d80765080e74d91dfc99efbd", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/gssapi/gss-ntlmssp/commit/97c62c6167299028d80765080e74d91dfc99efbd" }, { "name": "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "gss-ntlmssp", "vendor": "gssapi", "versions": [ { "status": "affected", "version": "\u003c 1.2.0" } ] } ], "descriptions": [ { "lang": "en", "value": "GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of consistency of length of internal buffers. Although most applications will error out before accepting a singe input buffer of 4GB in length this could theoretically happen. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point if the application allows tokens greater than 4GB in length. This can lead to a large, up to 65KB, out-of-bounds read which could cause a denial-of-service if it reads from unmapped memory. Version 1.2.0 contains a patch for the out-of-bounds reads." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-14T17:35:08.172Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-jjjx-5qf7-9mgf", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-jjjx-5qf7-9mgf" }, { "name": "https://github.com/gssapi/gss-ntlmssp/commit/97c62c6167299028d80765080e74d91dfc99efbd", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/gssapi/gss-ntlmssp/commit/97c62c6167299028d80765080e74d91dfc99efbd" }, { "name": "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0" } ], "source": { "advisory": "GHSA-jjjx-5qf7-9mgf", "discovery": "UNKNOWN" }, "title": "GSS-NTLMSSP vulnerable to multiple out-of-bounds reads when decoding NTLM fields" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-25563", "datePublished": "2023-02-14T17:35:08.172Z", "dateReserved": "2023-02-07T17:10:00.735Z", "dateUpdated": "2024-08-02T11:25:19.176Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25566
Vulnerability from cvelistv5
Published
2023-02-14 17:35
Modified
2024-08-02 11:25
Severity ?
EPSS score ?
Summary
GSS-NTLMSSP vulnerable to memory leak when parsing usernames
References
▼ | URL | Tags |
---|---|---|
https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-mfm4-6g58-jw74 | x_refsource_CONFIRM | |
https://github.com/gssapi/gss-ntlmssp/commit/8660fb16474054e692a596e9c79670cd4d3954f4 | x_refsource_MISC | |
https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
gssapi | gss-ntlmssp |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:25:19.220Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-mfm4-6g58-jw74", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-mfm4-6g58-jw74" }, { "name": "https://github.com/gssapi/gss-ntlmssp/commit/8660fb16474054e692a596e9c79670cd4d3954f4", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/gssapi/gss-ntlmssp/commit/8660fb16474054e692a596e9c79670cd4d3954f4" }, { "name": "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "gss-ntlmssp", "vendor": "gssapi", "versions": [ { "status": "affected", "version": "\u003c 1.2.0" } ] } ], "descriptions": [ { "lang": "en", "value": "GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, a memory leak can be triggered when parsing usernames which can trigger a denial-of-service. The domain portion of a username may be overridden causing an allocated memory area the size of the domain name to be leaked. An attacker can leak memory via the main `gss_accept_sec_context` entry point, potentially causing a denial-of-service. This issue is fixed in version 1.2.0.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "CWE-401: Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-14T17:35:48.482Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-mfm4-6g58-jw74", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-mfm4-6g58-jw74" }, { "name": "https://github.com/gssapi/gss-ntlmssp/commit/8660fb16474054e692a596e9c79670cd4d3954f4", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/gssapi/gss-ntlmssp/commit/8660fb16474054e692a596e9c79670cd4d3954f4" }, { "name": "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0" } ], "source": { "advisory": "GHSA-mfm4-6g58-jw74", "discovery": "UNKNOWN" }, "title": "GSS-NTLMSSP vulnerable to memory leak when parsing usernames" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-25566", "datePublished": "2023-02-14T17:35:48.482Z", "dateReserved": "2023-02-07T17:10:00.737Z", "dateUpdated": "2024-08-02T11:25:19.220Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }