Primary

Context

go-ntlmssp Out-of-Bounds Write Vulnerability in NTLM Challenge Handling

Vulnerability

A vulnerability in the go-ntlmssp package, prior to version 0.1.1, allows a malicious NTLM challenge message to cause a slice out-of-bounds panic. This issue can crash any Go process that uses 'ntlmssp.Negotiator' as an HTTP transport. The vulnerability arises from improper handling of NTLM challenge messages, leading to a panic that disrupts the normal execution of the program.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition, causing the Go process to crash.

Remediation

Users can upgrade to go-ntlmssp version 0.1.1 or later to address this vulnerability.

Added: Apr 24, 2026, 3:27 AM

Updated: Apr 24, 2026, 3:27 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

6.6

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

6.6

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

go-ntlmssp Out-of-Bounds Write Vulnerability in NTLM Challenge Handling

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating