[Git][security-tracker-team/security-tracker][master] Add new gss-ntlmssp issues: CVE-2023-2556{3,4,5,6,7}
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 14 06:39:53 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b75b07e8 by Salvatore Bonaccorso at 2023-02-14T07:39:36+01:00
Add new gss-ntlmssp issues: CVE-2023-2556{3,4,5,6,7}
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -647,16 +647,31 @@ CVE-2023-25569
RESERVED
CVE-2023-25568
RESERVED
-CVE-2023-25567
- RESERVED
-CVE-2023-25566
- RESERVED
-CVE-2023-25565
- RESERVED
-CVE-2023-25564
- RESERVED
-CVE-2023-25563
- RESERVED
+CVE-2023-25567 [Out-of-bounds read when decoding target information]
+ RESERVED
+ - gss-ntlmssp <unfixed>
+ NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-24pf-6prf-24ch
+ NOTE: https://github.com/gssapi/gss-ntlmssp/commit/025fbb756d44ffee8f847db4222ed6aa4bd1fbe4 (v1.2.0)
+CVE-2023-25566 [Memory leak when parsing usernames]
+ RESERVED
+ - gss-ntlmssp <unfixed>
+ NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-mfm4-6g58-jw74
+ NOTE: https://github.com/gssapi/gss-ntlmssp/commit/8660fb16474054e692a596e9c79670cd4d3954f4 (v1.2.0)
+CVE-2023-25565 [Incorrect free when decoding target information]
+ RESERVED
+ - gss-ntlmssp <unfixed>
+ NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-7q7f-wqcg-mvfg
+ NOTE: https://github.com/gssapi/gss-ntlmssp/commit/c16100f60907a2de92bcb676f303b81facee0f64 (v1.2.0)
+CVE-2023-25564 [Memory corruption when decoding UTF16 strings]
+ RESERVED
+ - gss-ntlmssp <unfixed>
+ NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-r85x-q5px-9xfq
+ NOTE: https://github.com/gssapi/gss-ntlmssp/commit/c753000eb31835c0664e528fbc99378ae0cbe950 (v1.2.0)
+CVE-2023-25563 [Multiple out-of-bounds read when decoding NTLM fields]
+ RESERVED
+ - gss-ntlmssp <unfixed>
+ NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-jjjx-5qf7-9mgf
+ NOTE: https://github.com/gssapi/gss-ntlmssp/commit/97c62c6167299028d80765080e74d91dfc99efbd (v1.2.0)
CVE-2023-25562 (DataHub is an open-source metadata platform. In versions of DataHub pr ...)
NOT-FOR-US: DataHub
CVE-2023-25561 (DataHub is an open-source metadata platform. In the event a system is ...)
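Review bot: The five added `- gss-ntlmssp <unfixed>` lines carry no fixed version, although every NOTE next to them cites an upstream fix commit tagged (v1.2.0), so each entry has to be revisited once a package based on 1.2.0 or later is uploaded. None of the five lines records a bug reference either, which leaves nothing to link the open status to a tracking report. As a minor style point, the CVE-2023-25563 description "Multiple out-of-bounds read" should be plural, "Multiple out-of-bounds reads".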
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b75b07e812a3999f242d90317b1767c2eb8e9c52