Browse all 5 CVE security advisories affecting gssapi. AI-powered Chinese analysis, POCs, and references for each vulnerability.
GSSAPI serves as a core security framework for authentication and authorization, enabling secure communication protocols across enterprise environments. Historically, vulnerabilities in this implementation have frequently resulted in remote code execution and privilege escalation flaws, often stemming from improper input validation and buffer handling issues. The five recorded CVEs highlight persistent risks in authentication bypass and denial-of-service vectors. While no major public incidents have been widely documented, the consistent discovery of critical flaws underscores the importance of rigorous implementation and timely patching for systems relying on this authentication mechanism.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-25567 | GSS-NTLMSSP vulnerable to out-of-bounds read when decoding target information (gss-ntlmssp, CWE-125) | 7.5 | High | 2023-02-14 |
| CVE-2023-25566 | GSS-NTLMSSP vulnerable to memory leak when parsing usernames (gss-ntlmssp, CWE-401) | 7.5 | High | 2023-02-14 |
| CVE-2023-25565 | GSS-NTLMSSP vulnerable to incorrect free when decoding target information (gss-ntlmssp, CWE-590) | 7.5 | High | 2023-02-14 |
| CVE-2023-25564 | GSS-NTLMSSP vulnerable to memory corruption when decoding UTF16 strings (gss-ntlmssp, CWE-787) | 6.5 | Medium | 2023-02-14 |
| CVE-2023-25563 | GSS-NTLMSSP vulnerable to multiple out-of-bounds reads when decoding NTLM fields (gss-ntlmssp, CWE-125) | 5.9 | Medium | 2023-02-14 |

This page lists every published CVE security advisory associated with gssapi. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.