Summary
Memory corruption can be triggered when decoding UTF16 strings.
Details
The variable outlen was not initialized. If ntlm_str_convert() were to fail, outlen would be left uninitialized, and a zero could then be written to an arbitrary place in memory. This can lead to a denial of service if the write hits unmapped memory, or to random corruption of a byte in the application memory space.
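The following is an added example, not code from the project: it shows the uninitialized-length pattern described above as a comment, next to a hardened decode routine. The names toy_convert and decode_utf16, the ASCII-only conversion, and the sample input are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for ntlm_str_convert(): narrows ASCII-range UTF-16LE
 * to bytes. On failure it returns before *outlen is ever written. */
static int toy_convert(const uint8_t *in, size_t inlen, char *out, size_t *outlen)
{
    if (inlen % 2 != 0) return EINVAL;            /* truncated code unit */
    for (size_t i = 0; i < inlen; i += 2) {
        if (in[i + 1] != 0 || in[i] >= 0x80) return EINVAL;
        out[i / 2] = (char)in[i];
    }
    *outlen = inlen / 2;
    return 0;
}

/* Pattern the advisory describes (shown only as a comment, not compiled):
 *     size_t outlen;                         // indeterminate value
 *     ret = toy_convert(in, inlen, out, &outlen);
 *     out[outlen] = '\0';                    // on failure: zero byte at an arbitrary offset
 */

/* Hardened form: outlen starts at 0, failure is handled before any write,
 * and the terminator index is checked against the allocation size. */
int decode_utf16(const uint8_t *in, size_t inlen, char **str)
{
    size_t outlen = 0, cap = inlen / 2 + 1;
    char *out = malloc(cap);
    int ret;

    *str = NULL;
    if (out == NULL) return ENOMEM;
    ret = toy_convert(in, inlen, out, &outlen);
    if (ret != 0 || outlen >= cap) {
        free(out);
        return ret != 0 ? ret : ERANGE;
    }
    out[outlen] = '\0';
    *str = out;
    return 0;
}

int main(void)
{
    const uint8_t truncated[] = { 'h', 0, 'i' };  /* constructed sample input */
    char *s = NULL;
    printf("ret=%d str=%p\n", decode_utf16(truncated, sizeof truncated, &s), (void *)s);
    return 0;
}
```

Building with -Wall -Wextra, or running the test suite under MemorySanitizer or Valgrind, helps surface reads of an uninitialized length like the one in the commented pattern.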
Impact
This vulnerability can trigger an out-of-bounds write leading to memory corruption. This vulnerability can be triggered via the main gss_accept_sec_context entry point.