CVE-2013-4122

Published: 27/10/2013 Updated: 08/12/2016
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Cyrus SASL 2.1.23, 2.1.26, and previous versions do not properly handle the case in which the crypt function, as implemented in glibc 2.17 and later, returns a NULL value upon an error. This allows remote malicious users to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference.

Vulnerable Products

cmu cyrus-sasl 2.1.22
cmu cyrus-sasl 2.1.21
cmu cyrus-sasl 2.1.24
cmu cyrus-sasl 2.1.25
cmu cyrus-sasl 1.5.28
cmu cyrus-sasl 2.1.20
cmu cyrus-sasl 2.1.19
cmu cyrus-sasl
cmu cyrus-sasl 2.1.23

Vendor Advisories

Debian Bug report logs - #716835 cyrus-sasl2: CVE-2013-4122: NULL pointer dereference. Package: cyrus-sasl2; Maintainer for cyrus-sasl2 is Debian Cyrus Team <team+cyrus@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 13 Jul 2013 12:33:01 UTC; Severity: important; Tags: patch, securi ...
Cyrus SASL could be made to crash if it processed specially crafted input ...
It was discovered that cyrus-sasl2, a library implementing the Simple Authentication and Security Layer, does not properly handle certain invalid password salts. A remote attacker can take advantage of this flaw to cause a denial of service. For the stable distribution (jessie), this problem has been fixed in version 2.1.26.dfsg1-13+deb8u1. For the ...
Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted passw ...