Gnu Sasl
Monthly
Memory disclosure in GNU SASL's NTLM client implementation allows a malicious or man-in-the-middle server to extract portions of client process memory by delivering a crafted undersized challenge to the `_gsasl_ntlm_client_step` function. All GNU SASL versions before 2.2.4 are affected, with the fix confirmed in the 2.2.4 release and a Debian security advisory issued downstream. No active exploitation has been identified; the high attack complexity required to position a malicious NTLM server tempers the already-low CVSS 3.7 rating.
Unauthenticated denial of service in GNU SASL before version 2.2.3 occurs through a NULL pointer dereference in the DIGEST-MD5 authentication mechanism. Remote attackers can crash both client and server applications by sending a malformed authentication token that lacks an equals sign character, causing the getsubopt.c parser to dereference a NULL pointer.
Memory disclosure in GNU SASL's NTLM client implementation allows a malicious or man-in-the-middle server to extract portions of client process memory by delivering a crafted undersized challenge to the `_gsasl_ntlm_client_step` function. All GNU SASL versions before 2.2.4 are affected, with the fix confirmed in the 2.2.4 release and a Debian security advisory issued downstream. No active exploitation has been identified; the high attack complexity required to position a malicious NTLM server tempers the already-low CVSS 3.7 rating.
Unauthenticated denial of service in GNU SASL before version 2.2.3 occurs through a NULL pointer dereference in the DIGEST-MD5 authentication mechanism. Remote attackers can crash both client and server applications by sending a malformed authentication token that lacks an equals sign character, causing the getsubopt.c parser to dereference a NULL pointer.