GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the av_pair is not checked properly for two of the elements which can trigger an out-of-bound read. The out-of-bounds read can be triggered via the main gss_accept_sec_context entry point and could cause a denial-of-service if the memory is unmapped. The issue is fixed in version 1.2.0.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/25xxx/CVE-2023-25567.json",
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-125"
]
}{
"source": [
"CPE_RANGE",
"REFERENCES"
],
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.2.0"
}
],
"cpe": "cpe:2.3:a:gss-ntlmssp_project:gss-ntlmssp:*:*:*:*:*:*:*:*"
}"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-25567.json"
"2026-07-15T01:36:26Z"
[
{
"source": "https://github.com/gssapi/gss-ntlmssp/commit/025fbb756d44ffee8f847db4222ed6aa4bd1fbe4",
"digest": {
"length": 2614.0,
"function_hash": "295931300105472389840611522012945909811"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2023-25567-20ca4e83",
"target": {
"function": "ntlm_decode_target_info",
"file": "src/ntlm.c"
},
"signature_type": "Function"
},
{
"source": "https://github.com/gssapi/gss-ntlmssp/commit/025fbb756d44ffee8f847db4222ed6aa4bd1fbe4",
"digest": {
"threshold": 0.9,
"line_hashes": [
"329743560795464476895232845368295987571",
"48100070528925819657576299319623394864",
"303437604845121147420625571195586538457",
"46502789084243232481075414645123473400",
"70834396620221594922657795775309503399",
"265237019340786180551472604632610818336",
"81799710271861100236197808039689992782",
"31764002907565967064075017503913859348",
"104704938735519366560627176038904399139"
]
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2023-25567-9b1bb4a1",
"target": {
"file": "src/ntlm.c"
},
"signature_type": "Line"
}
]