Description
GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server.
Published: 2026-06-23
Score: 3.7 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the GNU SASL NTLM client routine _gsasl_ntlm_client_step, where a short challenge issued by a server is not properly sanitized. This trigger sensitive data from memory, thereby compromising Improper Input Validation flaw, identified as CWE‑839.

Affected Systems

GNU SASL versions earlier than 2.2.4 on any host that uses the NTLM authentication mechanism are affected. Systems running the library without the patch are vulnerable to a memory disclosure attack if they accept a crafted NTLM challenge from a server.

Risk and Exploitability

The CVSS score of 3.7 indicates moderate severity, and no EPSS value is available. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector requires the client to establish a TLS connection with a server that sends a crafted short NTLM challenge. An attacker controlling the server can invoke this flaw without needing elevated privileges on the client.

Generated by OpenCVE AI on June 23, 2026 at 22:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade GNU SASL to version 2.2.4 or later, which includes the sanitization fix for NTLM challenges.
  • If an immediate upgrade is not feasible, disable NTLM authentication in the SASL configuration or restrict authentication to trusted servers only.
  • Ensure that all client connections enforce TLS and that application logs are monitored for anomalous authentication attempts to detect potential exploitation attempts.

Generated by OpenCVE AI on June 23, 2026 at 22:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Title NTLM Client Short Challenge Improper Sanitization Leads to Memory Disclosure

Tue, 23 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Title NTLM Client Short Challenge Improper Sanitization Leads to Memory Disclosure

Tue, 23 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 23 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server.
First Time appeared Gnu
Gnu gnu Sasl
Weaknesses CWE-839
CPEs cpe:2.3:a:gnu:gnu_sasl:*:*:*:*:*:*:*:*
Vendors & Products Gnu
Gnu gnu Sasl
References
Metrics cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Gnu Gnu Sasl
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-23T17:31:49.772Z

Reserved: 2026-06-23T16:18:28.745Z

Link: CVE-2026-56968

cve-icon Vulnrichment

Updated: 2026-06-23T17:31:46.629Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T22:30:08Z

Weaknesses
  • CWE-839

    Numeric Range Comparison Without Minimum Check