Skip to main content

Gnu Sasl

2 CVEs product

Monthly

CVE-2026-56968 MEDIUM PATCH This Month

Memory disclosure in GNU SASL's NTLM client implementation allows a malicious or man-in-the-middle server to extract portions of client process memory by delivering a crafted undersized challenge to the `_gsasl_ntlm_client_step` function. All GNU SASL versions before 2.2.4 are affected, with the fix confirmed in the 2.2.4 release and a Debian security advisory issued downstream. No active exploitation has been identified; the high attack complexity required to position a malicious NTLM server tempers the already-low CVSS 3.7 rating.

Information Disclosure Gnu Sasl
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-48829 HIGH PATCH This Week

Unauthenticated denial of service in GNU SASL before version 2.2.3 occurs through a NULL pointer dereference in the DIGEST-MD5 authentication mechanism. Remote attackers can crash both client and server applications by sending a malformed authentication token that lacks an equals sign character, causing the getsubopt.c parser to dereference a NULL pointer.

Null Pointer Dereference Denial Of Service Gnu Sasl
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Memory disclosure in GNU SASL's NTLM client implementation allows a malicious or man-in-the-middle server to extract portions of client process memory by delivering a crafted undersized challenge to the `_gsasl_ntlm_client_step` function. All GNU SASL versions before 2.2.4 are affected, with the fix confirmed in the 2.2.4 release and a Debian security advisory issued downstream. No active exploitation has been identified; the high attack complexity required to position a malicious NTLM server tempers the already-low CVSS 3.7 rating.

Information Disclosure Gnu Sasl
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Unauthenticated denial of service in GNU SASL before version 2.2.3 occurs through a NULL pointer dereference in the DIGEST-MD5 authentication mechanism. Remote attackers can crash both client and server applications by sending a malformed authentication token that lacks an equals sign character, causing the getsubopt.c parser to dereference a NULL pointer.

Null Pointer Dereference Denial Of Service Gnu Sasl
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy