PT-2023-20165 · Unknown+6 · Gss-Ntlmssp+6

Philipturnbull

Publicado

2023-02-12

Atualizado

2025-06-24

CVE-2023-25567

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions GSS-NTLMSSP versions prior to 1.2.0

Description The issue is an out-of-bounds read that occurs when decoding target information. This happens because the length of the av pair is not properly checked for two elements, which can trigger an out-of-bounds read. The out-of-bounds read can be triggered via the main gss accept sec context entry point and could cause a denial-of-service if the memory is unmapped.

Recommendations For versions prior to 1.2.0, update to version 1.2.0 to resolve the issue. As a temporary workaround, consider restricting access to the gss accept sec context entry point to minimize the risk of exploitation.

Exploit

Correção

DoS

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALSA-2023:3097

AZL-43771

AZL-44844

BDU:2025-12800

CESA-2023_3097

CVE-2023-25567

GHSA-24PF-6PRF-24CH

MGASA-2023-0108

OESA-2023-1116

OPENSUSE-SU-2023:0048-1

OPENSUSE-SU-2024:12701-1

RHSA-2023:3097

RHSA-2023_3097

USN-7588-1

Produtos afetados

Almalinux

Centos

Debian

Gss-Ntlmssp

Linuxmint

Red Hat

Ubuntu

PT-2023-20165 · Unknown+6 · Gss-Ntlmssp+6

CVE-2023-25567

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 54