GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the `cb` and `sh` buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This will likely trigger an assertion failure in `free`, causing a denial-of-service. This issue is fixed in version 1.2.0.
{ "vanir_signatures": [ { "id": "CVE-2023-25565-acd0ce6d", "signature_type": "Function", "target": { "file": "src/ntlm.c", "function": "ntlm_decode_target_info" }, "digest": { "function_hash": "57595160462499231153569960669104736734", "length": 2656.0 }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/gssapi/gss-ntlmssp/commit/c16100f60907a2de92bcb676f303b81facee0f64" }, { "id": "CVE-2023-25565-da305334", "signature_type": "Line", "target": { "file": "src/ntlm.c" }, "digest": { "line_hashes": [ "64777609298809064002460594937770732006", "146692340936863203257691673171394704048", "174878446513571599842790967051535304059", "96459211810076347250371749130271698417", "221266557796664850863809294612000062182" ], "threshold": 0.9 }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/gssapi/gss-ntlmssp/commit/c16100f60907a2de92bcb676f303b81facee0f64" } ] }