CVE-2026-56968
LOWGnu Sasl < 2.2.4 - Numeric Range Comparison Without Minimum Check
Title source: ruleDescription
GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server.
Scores
CVSS v3
3.7
EPSS
0.0024
EPSS Percentile
15.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-839
CWE-908
Status
published
Products (3)
debian/debian_linux
13.0
GNU/GNU SASL
< 2.2.4
gnu/sasl
< 2.2.4
Published
Jun 23, 2026
Tracked Since
Jun 23, 2026