Name of the Vulnerable Software and Affected Versions Poco versions (affected versions not specified)

Description The software contains a flaw related to the handling of NTLM challenge messages. The issue occurs within the parseChallengeMessage function of the Poco::Net::NTLMCredentials class and is triggered during the creation of an NTLM message via Poco::Net::HTTPNTLMCredentials::createNTLMMessage. This results in an unknown read error when constructing a vector of unsigned characters within the std:: 1::vector class.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.