Zero Day MonitorZDM

← Back to list

EST

PRE-CVEPATCHED

gnu · gsasl

GNU gsasl Heap Disclosure in NTLM Client Step

56% confidence

Description

In GNU gsasl versions prior to 2.2.4, the NTLM client implementation in _gsasl_ntlm_client_step() does not properly initialize memory when processing a Type-2 challenge from a server. A malicious NTLM server can send a short challenge, leaving the remaining bytes of the allocated struct uninitialized. These uninitialized bytes are later read and included in the NTLM response sent to the server, disclosing heap memory contents.

Affected Products

Vendor	Product	Versions
gnu	gsasl	< 2.2.4

Related News (1 articles)

Tier C

oss-security3h ago

Fwd: gsasl-2.2.4 released - fixes heap disclosure

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

Patch available

2.2.4

CWECWE-908

PublishedJun 16, 2026

Last enriched2h ago

Tags

heap disclosurentlmuninitialized memory

Trending Score23

Source articles1

Independent1

Info Completeness8/14

Missing: cve_id, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-5450

scanf %mc off-by-one heap buffer overflow

HIGHCVE-2026-48829

CVE-2026-48829: In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known toke

NONECVE-2026-6846

Binutils: binutils: arbitrary code execution via malformed xcoff object file processing

NONECVE-2026-5958

Race Condition in GNU Sed

HIGHCVE-2026-40556

Insecure Directory Permissions in GNU nano Leading to Privilege Abuse

Pin to Dashboard

Verification

State: reported

Confidence: 56%

Vulnerability Timeline

CVE Published

Jun 16, 2026

Patch Available

Jun 16, 2026

Discovered by ZDM

Jun 16, 2026