GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the cb and sh buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main gss_accept_sec_context entry point. This will likely trigger an assertion failure in free, causing a denial-of-service. This issue is fixed in version 1.2.0.
{
"cwe_ids": [
"CWE-590"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/25xxx/CVE-2023-25565.json",
"cna_assigner": "GitHub_M"
}{
"cpe": "cpe:2.3:a:gss-ntlmssp_project:gss-ntlmssp:*:*:*:*:*:*:*:*",
"source": [
"CPE_RANGE",
"REFERENCES"
],
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.2.0"
}
]
}"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-25565.json"
[
{
"digest": {
"length": 2656.0,
"function_hash": "57595160462499231153569960669104736734"
},
"source": "https://github.com/gssapi/gss-ntlmssp/commit/c16100f60907a2de92bcb676f303b81facee0f64",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2023-25565-acd0ce6d",
"signature_version": "v1",
"target": {
"file": "src/ntlm.c",
"function": "ntlm_decode_target_info"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"64777609298809064002460594937770732006",
"146692340936863203257691673171394704048",
"174878446513571599842790967051535304059",
"96459211810076347250371749130271698417",
"221266557796664850863809294612000062182"
]
},
"source": "https://github.com/gssapi/gss-ntlmssp/commit/c16100f60907a2de92bcb676f303b81facee0f64",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2023-25565-da305334",
"signature_version": "v1",
"target": {
"file": "src/ntlm.c"
}
}
]
"2026-07-15T01:36:25Z"