all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2023-25563 (gss-ntlmssp)

Add to bookmarks
Feb. 14, 2023, 6:15 p.m. |

National Vulnerability Database web.nvd.nist.gov

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of consistency of length of internal buffers. Although most applications will error out before accepting a singe input buffer of 4GB in length this could theoretically happen. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point if the …

applications authentication buffer cve decoding denial of service entry error input integer internal length library main ntlm ntlm authentication ntlmssp out-of-bounds overflow plugin point service trigger version version 1 vulnerability

Visit resource

More from web.nvd.nist.gov / National Vulnerability Database

CVE-2023-45955 (lightstrip_firmware) 6 months, 1 week ago | web.nvd.nist.gov
attackers cve denial of service issue +1
CVE-2023-40101 (android) 6 months, 1 week ago | web.nvd.nist.gov
android check collapse cve +7
CVE-2023-21377 (android) 6 months, 1 week ago | web.nvd.nist.gov
android bypass cve disclosure +8
CVE-2023-21380 (android) 6 months, 1 week ago | web.nvd.nist.gov
android bluetooth buffer buffer overflow +9
CVE-2023-21382 (android) 6 months, 1 week ago | web.nvd.nist.gov
access android check cve +11
CVE-2023-21381 (android) 6 months, 1 week ago | web.nvd.nist.gov
android arbitrary code code code execution +10
CVE-2023-21385 (android) 6 months, 1 week ago | web.nvd.nist.gov
android corruption cve disclosure +7
CVE-2023-21387 (android) 6 months, 1 week ago | web.nvd.nist.gov
android backup bypass cve +11
CVE-2023-21389 (android) 6 months, 1 week ago | web.nvd.nist.gov
android bypass check cve +10

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Senior PAM Security Engineer

@ Experian | Hyderabad, India
View on infosec-jobs.com

Cybersecurity Analyst II

@ Spry Methods | Washington, DC (Hybrid)
View on infosec-jobs.com

Cyber Security Engineer

@ Expleo | Gothenburg, AC, Sweden
View on infosec-jobs.com

Cybersecurity – Information System Security Manager (ISSM)

@ Boeing | USA - Albuquerque, NM
View on infosec-jobs.com

Senior Security Engineer - Canada

@ DataVisor | Ontario, Canada - Remote
View on infosec-jobs.com

Cybersecurity Architect

@ HARMAN International | JP Tokyo 3-5-7 Ariake Koto-ku
View on infosec-jobs.com
View more jobs