Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c.
AnalysisAI
Unauthenticated denial of service in GNU SASL before version 2.2.3 occurs through a NULL pointer dereference in the DIGEST-MD5 authentication mechanism. Remote attackers can crash both client and server applications by sending a malformed authentication token that lacks an equals sign character, causing the getsubopt.c parser to dereference a NULL pointer.
Technical ContextAI
GNU SASL (Simple Authentication and Security Layer) is a library implementing the IETF SASL framework used for authentication in protocols like SMTP, IMAP, and XMPP. The vulnerability lies in the DIGEST-MD5 authentication mechanism implementation, specifically in lib/digest-md5/getsubopt.c. The CWE-476 classification indicates a NULL pointer dereference, where the code attempts to access memory through a pointer that hasn't been properly initialized when parsing malformed authentication tokens.
RemediationAI
Upgrade to GNU SASL version 2.2.3 or later which contains the fix for this vulnerability. The patch is available in the upstream repository at https://codeberg.org/gsasl/gsasl/commit/da9b5ae2962b014879e4a406c3b38f25aa70e97a. Debian users should refer to the security announcement at https://lists.debian.org/debian-security-announce/2026/msg00182.html for distribution-specific updates. As a temporary workaround, disable DIGEST-MD5 authentication if other SASL mechanisms are available, though this may impact compatibility with systems that only support DIGEST-MD5.
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
| SUSE Linux Enterprise Server 16.0 | Fixed |
| SUSE Linux Enterprise Server 16.1 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Fixed |
| openSUSE Leap 16.0 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31562
GHSA-5px8-3qcf-qpm5