Gnu · Gnu Sasl · CVE-2026-48829
**Name of the Vulnerable Software and Affected Versions**
GNU SASL versions prior to 2.2.3
**Description**
DIGEST-MD5 contains a NULL pointer dereference affecting both clients and servers. This issue occurs in the file lib/digest-md5/getsubopt.c when a known token is provided without an accompanying = character.
**Recommendations**
Update to version 2.2.3 or later.