CVE-2023-25563

2023-02-1418:15:13

CWE-125

GitHub_M

web.nvd.nist.gov

cve-2023-25563

gss-ntlmssp

mechglue plugin

out-of-bounds reads

denial of service

authentication

ntlm

vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

45.8%

JSON

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of consistency of length of internal buffers. Although most applications will error out before accepting a singe input buffer of 4GB in length this could theoretically happen. This vulnerability can be triggered via the main gss_accept_sec_context entry point if the application allows tokens greater than 4GB in length. This can lead to a large, up to 65KB, out-of-bounds read which could cause a denial-of-service if it reads from unmapped memory. Version 1.2.0 contains a patch for the out-of-bounds reads.

Affected configurations

Nvd

Vulners

Node

gss-ntlmssp_projectgss-ntlmsspRange<1.2.0

VendorProductVersionCPE
gss-ntlmssp_projectgss-ntlmssp*cpe:2.3:a:gss-ntlmssp_project:gss-ntlmssp:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gss-ntlmssp_project	gss-ntlmssp	*	cpe:2.3:a:gss-ntlmssp_project:gss-ntlmssp::::::::

CNA Affected

[
  {
    "vendor": "gssapi",
    "product": "gss-ntlmssp",
    "versions": [
      {
        "version": "< 1.2.0",
        "status": "affected"
      }
    ]
  }
]