Out-of-bounds Write Affecting gssntlmssp package, versions <0:1.2.0-1.el8_8


medium

Snyk CVSS

    Attack Complexity Low
    Availability High

    Threat Intelligence

    EPSS 0.09% (36th percentile)
Expand this section
NVD
8.2 high
Expand this section
Red Hat
7.5 high

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-ORACLE8-GSSNTLMSSP-5599906
  • published 25 May 2023
  • disclosed 14 Feb 2023

How to fix?

Upgrade Oracle:8 gssntlmssp to version 0:1.2.0-1.el8_8 or higher.
This issue was patched in ELSA-2023-3097.

NVD Description

Note: Versions mentioned in the description apply only to the upstream gssntlmssp package and not the gssntlmssp package as distributed by Oracle. See How to fix? for Oracle:8 relevant fixed versions and status.

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable outlen was not initialized and could cause writing a zero to an arbitrary place in memory if ntlm_str_convert() were to fail, which would leave outlen uninitialized. This can lead to a denial of service if the write hits unmapped memory or randomly corrupts a byte in the application memory space. This vulnerability can trigger an out-of-bounds write, leading to memory corruption. This vulnerability can be triggered via the main gss_accept_sec_context entry point. This issue is fixed in version 1.2.0.