
Cloud Vulnerability DB
A community-led vulnerabilities database
A memory corruption vulnerability (CVE-2023-25564) was discovered in GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication. The vulnerability was identified in versions <= 1.1.0 and was patched in version 1.2.0, released on February 12, 2023. The issue was discovered by Phil Turnbull from the GitHub Security Lab team via oss-fuzz (GitHub Advisory, GitHub Release).
The vulnerability stems from an uninitialized local variable, outlen, in the UTF-16 string decoding path. In ntlm_decode_u16l_str_hdr, outlen is passed to ntlm_str_convert() and is then used as the offset at which the decoded string is terminated with a zero byte. When ntlm_str_convert() fails, outlen is never set, so the terminating zero is written at whatever offset the indeterminate value happens to hold, i.e. to an arbitrary memory location (GitHub Commit).
The vulnerability can lead to an out-of-bounds write resulting in memory corruption. If the write operation hits unmapped memory, it can cause a denial of service, or it may randomly corrupt a byte in the application memory space. The vulnerability can be triggered through the main gss_accept_sec_context entry point (GitHub Advisory).
The vulnerability has been fixed in GSS-NTLMSSP version 1.2.0. The fix includes initializing the outlen variable to 0 and ensuring that the string termination only occurs when ntlm_str_convert() succeeds. Users are advised to upgrade to version 1.2.0 or later to address this security issue (GitHub Release).
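An added illustration of the decode pattern and the two-part fix described above; this is not GSS-NTLMSSP's own code, and the converter is a constructed stand-in whose failure condition (any non-ASCII code unit) is invented so the error path can be exercised.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the converter (not the project's function): decodes UTF-16LE
 * to ASCII, fails on odd length or any code unit >= 0x80, and returns before touching
 * *outlen on failure, like a converter that bails out early. */
static int mock_str_convert(const uint8_t *in, size_t inlen,
                            char *out, size_t outcap, size_t *outlen)
{
    size_t n = inlen / 2;
    if (inlen % 2 != 0 || n + 1 > outcap) return -1;
    for (size_t i = 0; i < n; i++) {
        uint16_t cu = (uint16_t)(in[2 * i] | (in[2 * i + 1] << 8));
        if (cu >= 0x80) return -1;
        out[i] = (char)cu;
    }
    *outlen = n;
    return 0;
}

/* Hardened decoder in the shape of the fix. The pre-fix pattern was
 *   size_t outlen;  ret = convert(..., &outlen);  out[outlen] = '\0';
 * so a failed conversion wrote the terminator at whatever index outlen held. */
int decode_u16l_str(const uint8_t *in, size_t inlen, char *out, size_t outcap)
{
    size_t outlen = 0;                                   /* fix 1: deterministic value */
    int ret = mock_str_convert(in, inlen, out, outcap, &outlen);
    if (ret != 0) return ret;                            /* fix 2: no terminator on failure */
    if (outlen >= outcap) return -1;                     /* added bound check */
    out[outlen] = '\0';
    return 0;
}

/* Success path: UTF-16LE "ab" (constructed) decodes to a terminated "ab". */
bool decodes_valid_input(void)
{
    static const uint8_t in[] = {0x61, 0x00, 0x62, 0x00};
    char out[8]; memset(out, 'X', sizeof out);
    return decode_u16l_str(in, sizeof in, out, sizeof out) == 0 && strcmp(out, "ab") == 0;
}

/* Failure path: U+0400 (constructed) makes the converter fail; no zero may land in out. */
bool leaves_buffer_alone_on_failure(void)
{
    static const uint8_t in[] = {0x00, 0x04};
    char out[8]; memset(out, 'X', sizeof out);
    return decode_u16l_str(in, sizeof in, out, sizeof out) != 0 && memchr(out, '\0', sizeof out) == NULL;
}
```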
Source: This report was generated using AI