Search CVE reports



1 – 3 of 3 results


CVE-2026-56968

Medium priority
Needs evaluation

GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server.

1 affected package

gsasl

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gsasl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2026-48829

Medium priority

Some fixes available 3 of 7

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c.

1 affected package

gsasl

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gsasl | Fixed | Fixed | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2022-2469

Low priority

Some fixes available 5 of 6

GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client

1 affected package

gsasl

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gsasl | Not affected | Not affected | Fixed | Fixed | Fixed |