Philipturnbull

**Name of the Vulnerable Software and Affected Versions** comrak versions prior to 0.17.0 **Description** The issue concerns quadratic parsing problems in comrak, a CommonMark + GFM compatible Markdown parser and renderer written in rust. These problems can be exploited to craft denial-of-service attacks on services that use comrak to parse Markdown. **Recommendations** For versions prior to 0.17.0, upgrade to version 0.17.0 to address the quadratic parsing issues. As a temporary workaround, consider restricting the use of comrak for parsing Markdown until the issue is resolved. Avoid using comrak to parse potentially malicious Markdown input until the issue is fixed.

**Name of the Vulnerable Software and Affected Versions** GSS-NTLMSSP versions prior to 1.2.0 **Description** GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of consistency of length of internal buffers. This vulnerability can be triggered via the main `gss accept sec context` entry point if the application allows tokens greater than 4GB in length, leading to a large, up to 65KB, out-of-bounds read which could cause a denial-of-service if it reads from unmapped memory. **Recommendations** For versions prior to 1.2.0, update to version 1.2.0 to patch the out-of-bounds reads. As a temporary workaround, consider restricting the application to accept tokens less than 4GB in length to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GSS-NTLMSSP versions prior to 1.2.0 **Description** The issue is related to memory corruption that can be triggered when decoding UTF16 strings. The variable `outlen` was not initialized, which could cause writing a zero to an arbitrary place in memory if `ntlm str convert()` fails, leaving `outlen` uninitialized. This can lead to a denial of service if the write hits unmapped memory or randomly corrupts a byte in the application memory space. The vulnerability can trigger an out-of-bounds write, leading to memory corruption, and can be triggered via the main `gss accept sec context` entry point. **Recommendations** For versions prior to 1.2.0, update to version 1.2.0 to resolve the issue. As a temporary workaround, consider restricting the use of the `gss accept sec context` entry point until a patch is available. Avoid using the `ntlm str convert()` function with untrusted input until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GSS-NTLMSSP versions prior to 1.2.0 **Description** GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. A memory leak can be triggered when parsing usernames, potentially causing a denial-of-service. The domain portion of a username may be overridden, causing an allocated memory area the size of the domain name to be leaked. An attacker can leak memory via the main `gss accept sec context` entry point. **Recommendations** For versions prior to 1.2.0, update to version 1.2.0 to resolve the issue. As a temporary workaround, consider restricting the use of the `gss accept sec context` entry point to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GSS-NTLMSSP versions prior to 1.2.0 **Description** The issue is an out-of-bounds read that occurs when decoding target information. This happens because the length of the `av pair` is not properly checked for two elements, which can trigger an out-of-bounds read. The out-of-bounds read can be triggered via the main `gss accept sec context` entry point and could cause a denial-of-service if the memory is unmapped. **Recommendations** For versions prior to 1.2.0, update to version 1.2.0 to resolve the issue. As a temporary workaround, consider restricting access to the `gss accept sec context` entry point to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GSS-NTLMSSP versions prior to 1.2.0 **Description** The issue is related to an incorrect free when decoding target information, which can trigger a denial of service. This occurs because the error condition incorrectly assumes the `cb` and `sh` buffers contain a copy of the data that needs to be freed. The vulnerability can be triggered via the main `gss accept sec context` entry point, likely causing an assertion failure in `free`. **Recommendations** For versions prior to 1.2.0, update to version 1.2.0 to resolve the issue. As a temporary workaround, consider restricting the use of the `gss accept sec context` entry point until the update is applied.

**Name of the Vulnerable Software and Affected Versions** cmark-gfm versions prior to 0.29.0.gfm.7 **Description** cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. The issue is related to several polynomial time complexity problems that may lead to unbounded resource exhaustion and subsequent denial of service. Various commands, when piped to cmark-gfm with large values, cause the running time to increase quadratically. **Recommendations** For versions prior to 0.29.0.gfm.7, upgrade to version 0.29.0.gfm.7 or later to patch the vulnerabilities. If upgrading is not possible, validate input from trusted sources to minimize the risk of exploitation. As a temporary workaround, consider restricting the input size to prevent large values from being piped to cmark-gfm.