PT-2023-20162 · Unknown+5 · Gss-Ntlmssp+5

Philipturnbull · Published 2023-02-12 · Updated 2025-12-01 · CVE-2023-25564

CVSS v2.0: 8.5 High
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:C

Name of the Vulnerable Software and Affected Versions

GSS-NTLMSSP versions prior to 1.2.0

Description

The issue is memory corruption that can be triggered when decoding UTF16 strings. The variable outlen was not initialized, so if ntlm_str_convert() fails and leaves outlen uninitialized, a zero can be written to an arbitrary place in memory. This can lead to a denial of service if the write hits unmapped memory, or it can randomly corrupt a byte in the application memory space. The resulting out-of-bounds write can be triggered via the main gss_accept_sec_context entry point.

Recommendations

For versions prior to 1.2.0, update to version 1.2.0 to resolve the issue. As a temporary workaround, consider restricting the use of the gss_accept_sec_context entry point until a patch is available. Avoid using the ntlm_str_convert() function with untrusted input until the issue is resolved.
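The bug class from the description, as an added example that is not gss-ntlmssp code: a decoder that ignores a failed conversion and writes its terminator at an unset length, next to the hardened form. The converter, the function names and the sample input are all hypothetical and constructed here, and the uninitialized value is modelled by an explicit `stale` argument so the behaviour stays defined.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for a UTF-16LE to ASCII converter (constructed here).
 * On failure it returns -1 and never touches *outlen. */
static int convert_utf16(const unsigned char *in, size_t inlen,
                         char *out, size_t outcap, size_t *outlen)
{
    if (inlen % 2 != 0 || inlen / 2 >= outcap)
        return -1;                    /* truncated unit, or no room for NUL */
    for (size_t i = 0; i < inlen; i += 2) {
        if (in[i + 1] != 0 || in[i] > 0x7f)
            return -1;                /* outside the ASCII subset handled here */
        out[i / 2] = (char)in[i];
    }
    *outlen = inlen / 2;
    return 0;
}

/* Flawed pattern: result ignored, so the NUL lands at whatever outlen held. */
static void decode_flawed(char *out, size_t outcap, const unsigned char *in,
                          size_t inlen, size_t stale)
{
    size_t outlen = stale;            /* models the indeterminate stack value */
    convert_utf16(in, inlen, out, outcap, &outlen);
    out[outlen] = '\0';
}

/* Hardened pattern: outlen starts at 0 and a failed conversion is an error. */
int decode_checked(char *out, size_t outcap, const unsigned char *in, size_t inlen)
{
    size_t outlen = 0;
    if (convert_utf16(in, inlen, out, outcap, &outlen) != 0)
        return -1;
    out[outlen] = '\0';
    return 0;
}

/* Returns 1 if the byte beside the 8-byte output region survives decoding
 * a constructed odd-length (invalid) UTF-16 input. */
int neighbour_intact(int use_checked)
{
    char arena[16];                   /* [0..7] output, [8..15] neighbour */
    const unsigned char bad[] = { 'h', 0, 'i' };
    memset(arena, 'A', sizeof arena);
    if (use_checked) (void)decode_checked(arena, 8, bad, sizeof bad);
    else decode_flawed(arena, 8, bad, sizeof bad, 12);
    return arena[12] == 'A';
}
```

With the flawed decoder the single zero byte lands outside the output region; with the checked decoder the invalid input is rejected and nothing beyond the buffer changes.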

Exploit

Fix

DoS

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2023:3097
AZL-43441
AZL-45234
BDU:2025-12799
CESA-2023_3097
CVE-2023-25564
GHSA-R85X-Q5PX-9XFQ
MGASA-2023-0108
OESA-2023-1116
OPENSUSE-SU-2023:0048-1
OPENSUSE-SU-2024:12701-1
RHSA-2023:3097
RHSA-2023_3097
USN-7588-1

Affected Products

Almalinux
Centos
Gss-Ntlmssp
Linuxmint
Red Hat
Ubuntu