Skip to main content

GNU SASL CVE-2026-48829

| EUVDEUVD-2026-31562 HIGH
NULL Pointer Dereference (CWE-476)
2026-05-24 mitre GHSA-5px8-3qcf-qpm5
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Patch available
May 26, 2026 - 14:16 EUVD
Analysis Generated
May 24, 2026 - 03:45 vuln.today

DescriptionCVE.org

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c.

AnalysisAI

Unauthenticated denial of service in GNU SASL before version 2.2.3 occurs through a NULL pointer dereference in the DIGEST-MD5 authentication mechanism. Remote attackers can crash both client and server applications by sending a malformed authentication token that lacks an equals sign character, causing the getsubopt.c parser to dereference a NULL pointer.

Technical ContextAI

GNU SASL (Simple Authentication and Security Layer) is a library implementing the IETF SASL framework used for authentication in protocols like SMTP, IMAP, and XMPP. The vulnerability lies in the DIGEST-MD5 authentication mechanism implementation, specifically in lib/digest-md5/getsubopt.c. The CWE-476 classification indicates a NULL pointer dereference, where the code attempts to access memory through a pointer that hasn't been properly initialized when parsing malformed authentication tokens.

RemediationAI

Upgrade to GNU SASL version 2.2.3 or later which contains the fix for this vulnerability. The patch is available in the upstream repository at https://codeberg.org/gsasl/gsasl/commit/da9b5ae2962b014879e4a406c3b38f25aa70e97a. Debian users should refer to the security announcement at https://lists.debian.org/debian-security-announce/2026/msg00182.html for distribution-specific updates. As a temporary workaround, disable DIGEST-MD5 authentication if other SASL mechanisms are available, though this may impact compatibility with systems that only support DIGEST-MD5.

Vendor StatusVendor

SUSE

Severity: High
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Server 16.0 Fixed
SUSE Linux Enterprise Server 16.1 Fixed
SUSE Linux Enterprise Server for SAP applications 16.0 Fixed
SUSE Linux Enterprise Server for SAP applications 16.1 Fixed

Share

CVE-2026-48829 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy