5.3

CVE-2026-56968

Exploit
GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuSasl Version < 2.2.4
DebianDebian Linux Version13.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.151
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cve@mitre.org 3.7 2.2 1.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-839 Numeric Range Comparison Without Minimum Check

The product checks a value to ensure that it is less than or equal to a maximum, but it does not also verify that the value is greater than or equal to the minimum.

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://lists.gnu.org/archive/html/help-gsasl/2026-06/msg00000.html
Vendor Advisory
Exploit
Mailing List
https://lists.debian.org/debian-security-announce/2026/msg00259.html
Mailing List
https://ftp.gnu.org/gnu/gsasl/
Product
https://www.gnu.org/software/gsasl/
Product