CVE-2019-17455 – Ubuntu Security Notice USN-5108-1

https://notcve.org/view.php?id=CVE-2019-17455

10 Oct 2019 — Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request. Libntlm versiones hasta 1.5, se basa en un tamaño de búfer fijo para operaciones de lectura y escritura de las funciones tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge y tSmbNtlmAuthResponse, como es demostrado por una lectura excesiva de búfer en ... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00029.html • CWE-125: Out-of-bounds Read •