CVE-2023-25566

GSS-NTLMSSP vulnerable to memory leak when parsing usernames

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, a memory leak can be triggered when parsing usernames which can trigger a denial-of-service. The domain portion of a username may be overridden causing an allocated memory area the size of the domain name to be leaked. An attacker can leak memory via the main `gss_accept_sec_context` entry point, potentially causing a denial-of-service. This issue is fixed in version 1.2.0.

A flaw was found in GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication. A memory leak can be triggered when parsing usernames, triggering a denial of service. The domain portion of a username may be overridden, causing an allocated memory area the size of the domain name to be leaked. This flaw allows an attacker to leak memory via the main `gss_accept_sec_context` entry point, potentially causing a denial of service.

The gssntlmssp is a GSSAPI NTLM mechanism that allows to perform NTLM authentication in GSSAPI programs. Issues addressed include memory leak and out of bounds read vulnerabilities.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-02-07 CVE Reserved
2023-02-14 CVE Published
2025-03-10 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-401: Missing Release of Memory after Effective Lifetime

CAPEC

References (5)

URL	Tag	Source
https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0	Third Party Advisory
https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-mfm4-6g58-jw74	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/gssapi/gss-ntlmssp/commit/8660fb16474054e692a596e9c79670cd4d3954f4	2023-11-07

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2023-25566	2023-05-16
https://bugzilla.redhat.com/show_bug.cgi?id=2172022	2023-05-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gss-ntlmssp Project Search vendor "Gss-ntlmssp Project"		Gss-ntlmssp Search vendor "Gss-ntlmssp Project" for product "Gss-ntlmssp"				< 1.2.0 Search vendor "Gss-ntlmssp Project" for product "Gss-ntlmssp" and version " < 1.2.0"		-		Affected