A flaw was found in the libntlm NTLM library where it was vulnerable to a buffer overflow in the buildSmbNtlmAuthRequest_userlen() function. If an application using this library does not check input length before calling the function, an attacker could use this flaw to send a specially crafted request that could crash the application, or possibly trigger code execution.
The calling application must verify that the input username and domain fit in the 1024 byte buffer.