GoogleOSV:ALSA-2023:3097Moderate: gssntlmssp security update
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
AI Score
Confidence
Low
EPSS
Percentile
45.8%
The gssntlmssp is a GSSAPI NTLM mechanism that allows to perform NTLM authentication in GSSAPI programs.
Security Fix(es):
- gssntlmssp: multiple out-of-bounds read when decoding NTLM fields (CVE-2023-25563)
- gssntlmssp: memory corruption when decoding UTF16 strings (CVE-2023-25564)
- gssntlmssp: incorrect free when decoding target information (CVE-2023-25565)
- gssntlmssp: memory leak when parsing usernames (CVE-2023-25566)
- gssntlmssp: out-of-bounds read when decoding target information (CVE-2023-25567)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
access.redhat.com/errata/RHSA-2023:3097
access.redhat.com/security/cve/CVE-2023-25563
access.redhat.com/security/cve/CVE-2023-25564
access.redhat.com/security/cve/CVE-2023-25565
access.redhat.com/security/cve/CVE-2023-25566
access.redhat.com/security/cve/CVE-2023-25567
bugzilla.redhat.com/2172019
bugzilla.redhat.com/2172020
bugzilla.redhat.com/2172021
bugzilla.redhat.com/2172022
bugzilla.redhat.com/2172023
errata.almalinux.org/8/ALSA-2023-3097.html
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
AI Score
Confidence
Low
EPSS
Percentile
45.8%