Denial Of Service (DoS)

2023-03-1220:17:00

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

denial of service

gss-ntlmssp

vulnerability

32-bit integer overflow

length inconsistency

security issue

dos triggers

ntlm fields

application vulnerability

buffer overflow

token length

EPSS

0.001

Percentile

45.8%

JSON

gss-ntlmssp is vulnerable to Denial of Service (DoS) attacks. Multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service due to a 32-bit integer overflow condition and incorrect checks of consistency of length of internal buffers. This vulnerability can be triggered via the main gss_accept_sec_context entry point if the application allows tokens greater than 4GB in length.