CVE-2026-56968

Summary

GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server.

Affected Software

VendorProductVersion RangeStatus
GNUGNU SASL0 < 2.2.4affected

Weaknesses

  • CWE-839: CWE-839 Numeric Range Comparison Without Minimum Check

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References