OSV-2025-275

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/poco/OSV-2025-275.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2025-275

Published

2025-04-14T00:02:37.519708Z

Modified

2025-04-17T14:43:50.559313Z

Summary

UNKNOWN READ in void std::__1::vector<unsigned char, std::__1::allocator<unsigned char>>::__cons

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=410115359

Crash type: UNKNOWN READ
Crash state:
void std::__1::vector&lt;unsigned char, std::__1::allocator&lt;unsigned char>>::__cons
Poco::Net::NTLMCredentials::parseChallengeMessage
Poco::Net::HTTPNTLMCredentials::createNTLMMessage

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=410115359

Affected packages

OSS-Fuzz / poco

Package

Name: poco
Purl: pkg:generic/poco

Affected ranges

Type: GIT
Repo: https://github.com/pocoproject/poco
Events: Introduced

e55bb7032d20616c3fc22dcdb072ec53c4ef69d6

Fixed

a0822e02ca08c5fa7cf37c7448a0a647c0e332c1

Fixed

88454842602be2dfe5a3d9b5490660dde804644d

Affected versions

poco-1.*

poco-1.14.0-release

poco-1.14.1-release

Ecosystem specific

{
    "severity": "MEDIUM"
}

Database specific

{
    "introduced_range": "03c35cff930e421199b586c33a00eb6cc537ba28:3a8c6a72b13d1a6ce4e45e4f0f1a428b308b531e",
    "fixed_range": "501521b2f5b6e2edf55aa3f562e1e36e5ee69b01:a0822e02ca08c5fa7cf37c7448a0a647c0e332c1"
}