GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the `cb` and `sh` buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This will likely trigger an assertion failure in `free`, causing a denial-of-service. This issue is fixed in version 1.2.0.
References
Link | Resource |
---|---|
https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0 | Third Party Advisory |
https://github.com/gssapi/gss-ntlmssp/commit/c16100f60907a2de92bcb676f303b81facee0f64 | Patch Third Party Advisory |
https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-7q7f-wqcg-mvfg | Third Party Advisory |
Configurations
Information
Published : 2023-02-14 10:15
Updated : 2023-02-22 10:42
NVD link : CVE-2023-25565
Mitre link : CVE-2023-25565
JSON object : View
CWE
CWE-763
Release of Invalid Pointer or Reference
Products Affected
gss-ntlmssp_project
- gss-ntlmssp