PT-2022-7683 · Gnu+4 · Libgsasl+4

Simon Josefsson · Published 2022-07-15 · Updated 2026-04-04 · CVE-2022-2469

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions: GNU SASL libgsasl (affected versions not specified)

Description: The issue is a server-side out-of-bounds read in GNU SASL libgsasl that can be triggered by a malicious authenticated GSS-API client. This could potentially allow a remote attacker to access confidential information.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read


Weakness Enumeration

Related Identifiers

BDU:2024-09877
CVE-2022-2469
DSA-5189-1
MGASA-2022-0298
OESA-2024-1351
OESA-2024-1441
OESA-2024-1442
OESA-2024-1443
OESA-2024-1444
OESA-2024-1445
OPENSUSE-SU-2024:12325-1
OPENSUSE-SU-2024:13666-1
SUSE-SU-2022:3561-1
SUSE-SU-2022:3562-1
SUSE-SU-2022:3563-1
USN-6169-1

Affected Products

Linuxmint
Red Os
Suse
Ubuntu
Libgsasl