5.3
CVE-2026-56968
- EPSS 0.24%
- Veröffentlicht 23.06.2026 16:18:29
- Zuletzt bearbeitet 29.06.2026 23:00:33
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version13.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.151 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| cve@mitre.org | 3.7 | 2.2 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-839 Numeric Range Comparison Without Minimum Check
The product checks a value to ensure that it is less than or equal to a maximum, but it does not also verify that the value is greater than or equal to the minimum.
CWE-908 Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.
https://lists.gnu.org/archive/html/help-gsasl/2026-06/msg00000.html
https://lists.debian.org/debian-security-announce/2026/msg00259.html
https://ftp.gnu.org/gnu/gsasl/
https://www.gnu.org/software/gsasl/