What is CVE-2023-25563?

CVE-2023-25563 is a medium-severity vulnerability in Gssapi Gss-ntlmssp, classified under Out-of-bounds Read. CVSS score: 5.9/10. Published 2023-02-14.

How severe is CVE-2023-25563?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Is CVE-2023-25563 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Out-of-bounds Read in Gssapi Gss-ntlmssp

CVE-2023-25563

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit integer overflow conditio…

Vulnerability class: Buffer Overflow

EPSS: 0.003 (50.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Gssapi Gss-ntlmssp — versions < 1.2.0

Weakness classification (CWE)

CWE-125 — Out-of-bounds Read

Public proof-of-concept exploits

emotest1/emo_

References

https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-jjjx-5qf7-9mgf (x_refsource_CONFIRM)
https://github.com/gssapi/gss-ntlmssp/commit/97c62c6167299028d80765080e74d91dfc99efbd (x_refsource_MISC)
https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-25563?: CVE-2023-25563 is a medium-severity vulnerability in Gssapi Gss-ntlmssp, classified under Out-of-bounds Read. CVSS score: 5.9/10. Published 2023-02-14.
How severe is CVE-2023-25563?: Medium severity. CVSS v3 base score is 5.9 out of 10.
Is CVE-2023-25563 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.