FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libntlm -- buffer overflow vulnerability

Affected packages
libntlm < 1.6

Details

VuXML ID: 0f798bd6-8325-11ea-9a78-08002728f74c
Discovery: 2019-10-08
Entry: 2020-04-21

NVD reports:

Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.

References

CVE Name: CVE-2019-17455
URL: https://gitlab.com/jas/libntlm/-/issues/2
URL: https://nvd.nist.gov/vuln/detail/CVE-2019-17455