Out-of-bounds Write Affecting gssntlmssp package, versions <0:1.2.0-1.el8_8
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-RHEL8-GSSNTLMSSP-5543695
- published21 Feb 2023
- disclosed14 Feb 2023
Introduced: 14 Feb 2023
CVE-2023-25564 (opens in a new tab)How to fix?
Upgrade RHEL:8 gssntlmssp to version 0:1.2.0-1.el8_8 or higher.
This issue was patched in RHSA-2023:3097.
NVD Description
Note: Versions mentioned in the description apply only to the upstream gssntlmssp package and not the gssntlmssp package as distributed by RHEL.
See How to fix? for RHEL:8 relevant fixed versions and status.
GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable outlen was not initialized and could cause writing a zero to an arbitrary place in memory if ntlm_str_convert() were to fail, which would leave outlen uninitialized. This can lead to a denial of service if the write hits unmapped memory or randomly corrupts a byte in the application memory space. This vulnerability can trigger an out-of-bounds write, leading to memory corruption. This vulnerability can be triggered via the main gss_accept_sec_context entry point. This issue is fixed in version 1.2.0.