GHSA-2qgp-6c6g-cmwvLowCVSS 3.7

GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the...

Published
June 23, 2026
Last Modified
June 23, 2026

🔗 CVE IDs covered (1)

📋 Description

GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server.

🔗 References (6)