Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GSS-NTLMSSP vulnerable to memory leak when parsing usernames
Vulnerability Description
GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, a memory leak can be triggered when parsing usernames which can trigger a denial-of-service. The domain portion of a username may be overridden causing an allocated memory area the size of the domain name to be leaked. An attacker can leak memory via the main `gss_accept_sec_context` entry point, potentially causing a denial-of-service. This issue is fixed in version 1.2.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
在移除最后引用时对内存的释放不恰当(内存泄露)
Vulnerability Title
GSS-NTLMSSP 安全漏洞
Vulnerability Description
GSS-NTLMSSP是gssapi开源的一个实现 NTLM 身份验证的 GSSAPI 库的 mechglue 插件。 GSS-NTLMSSP 1.2.0之前版本存在安全漏洞,该漏洞源于解析用户名时可能会触发内存泄漏,从而触发拒绝服务,攻击者可以通过“gss_accept_sec_context”主入口点触发该漏洞。
CVSS Information
N/A
Vulnerability Type
N/A