PT-2023-20163 · Unknown+6 · Gss-Ntlmssp+6

Philipturnbull

Publicado

2023-02-12

Atualizado

2025-11-28

CVE-2023-25565

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions GSS-NTLMSSP versions prior to 1.2.0

Description The issue is related to an incorrect free when decoding target information, which can trigger a denial of service. This occurs because the error condition incorrectly assumes the cb and sh buffers contain a copy of the data that needs to be freed. The vulnerability can be triggered via the main gss accept sec context entry point, likely causing an assertion failure in free.

Recommendations For versions prior to 1.2.0, update to version 1.2.0 to resolve the issue. As a temporary workaround, consider restricting the use of the gss accept sec context entry point until the update is applied.

Exploit

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-763CWE-590

Identificadores relacionados

ALSA-2023:3097

AZL-43606

AZL-45279

BDU:2025-12444

CESA-2023_3097

CVE-2023-25565

GHSA-7Q7F-WQCG-MVFG

MGASA-2023-0108

OESA-2023-1116

OPENSUSE-SU-2023:0048-1

OPENSUSE-SU-2024:12701-1

RHSA-2023:3097

RHSA-2023_3097

USN-7588-1

Produtos afetados

Almalinux

Centos

Debian

Gss-Ntlmssp

Linuxmint

Red Hat

Ubuntu

PT-2023-20163 · Unknown+6 · Gss-Ntlmssp+6

CVE-2023-25565

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 54