Summary
Multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service.
Details
A 32-bit integer overflow condition can cause the consistency checks on the lengths of internal buffers to give incorrect results. Although most applications will error out before accepting a single input buffer of 4GB in length, this could theoretically happen.
Impact
This vulnerability can be triggered via the main gss_accept_sec_context entry point if the application allows tokens greater than 4GB in length. This can lead to a large, up to 65KB, out-of-bounds read which could cause a denial of service if it reads from unmapped memory.
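
The wraparound described under Details and the over-read size given under Impact, modelled in C as an added example (not code from the project). The struct, the function names and the sample values are hypothetical, and the flawed check is an assumed shape of a 32-bit bounds test, not the project's actual code.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* NTLM field descriptor: 16-bit length, 16-bit max length, 32-bit offset. */
struct wire_field { uint16_t len; uint16_t max_len; uint32_t offset; };

/* Flawed pattern (assumed shape): the end position is computed in 32 bits,
 * so offset + len wraps modulo 2^32 before it is compared to buf_len. */
static bool in_bounds_wrapping(const struct wire_field *f,
                               uint32_t payload_offs, uint64_t buf_len)
{
    uint32_t end = f->offset + f->len;      /* may wrap to a small value */
    return f->offset >= payload_offs && f->offset <= buf_len &&
           end <= buf_len;
}

/* Hardened form: compare len to the space left after offset, no addition. */
static bool in_bounds_checked(const struct wire_field *f,
                              uint32_t payload_offs, uint64_t buf_len)
{
    if (f->offset < payload_offs || f->offset > buf_len)
        return false;
    return f->len <= buf_len - f->offset;
}

/* Bytes a read of the field would extend past the end of the buffer. */
static uint64_t overread(const struct wire_field *f, uint64_t buf_len)
{
    uint64_t end = (uint64_t)f->offset + f->len;
    return end > buf_len ? end - buf_len : 0;
}

int main(void)
{
    /* Constructed values: a token 8 bytes longer than 4 GiB, and a field
     * that starts 24 bytes before its end with the maximum 16-bit length. */
    const uint64_t buf_len = 0x100000008ULL;
    const struct wire_field f = { 0xFFFF, 0xFFFF, 0xFFFFFFF0u };
    printf("wrapping check accepts: %d\n", in_bounds_wrapping(&f, 64, buf_len));
    printf("checked form accepts:   %d\n", in_bounds_checked(&f, 64, buf_len));
    printf("bytes past the buffer:  %llu\n",
           (unsigned long long)overread(&f, buf_len));
    return 0;
}
```

With a buffer shorter than 4GB the same field is rejected by the offset comparison alone, which is why the condition needs a token larger than 4GB.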