Server-Side Read-Out-of-Bounds Vulnerability in GNU SASL by GNU Project
CVE-2022-2469

3.8LOW

Key Information:

Vendor

Gnu
Status
Gnu Sasl
Vendor
CVE Published:
19 July 2022

What is CVE-2022-2469?

A server-side read-out-of-bounds vulnerability exists in GNU SASL, which can be exploited by a maliciously authenticated GSS-API client. This flaw may allow attackers to read data beyond the intended buffer allocations, potentially leading to unauthorized access to sensitive data. The issue affects certain versions of the GNU SASL, making it imperative for users to apply appropriate patches or updates to mitigate risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

GNU SASL >=0.0.0, <2.0.1

References

https://gitlab.com/gsasl/gsasl/-/commit/796e4197f696261c1...
x_refsource_MISC
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE...
x_refsource_CONFIRM
https://www.debian.org/security/2022/dsa-5189
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
3.8
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Simon Josefsson
JSON
.