CVE-2022-2469

3.8LOW

Key Information:

Vendor: Gnu
Status: Gnu Sasl
Vendor: CVE Published:; 19 July 2022

Summary

GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client

Affected Version(s)

GNU SASL >=0.0.0, <2.0.1

References

https://gitlab.com/gsasl/gsasl/-/commit/796e4197f696261c1...

x_refsource_MISC

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE...

x_refsource_CONFIRM

https://www.debian.org/security/2022/dsa-5189

vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:

3.8

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 19, 2022
Vulnerability Reserved
Jul 19, 2022

Credit

Simon Josefsson

.