Published: 19/02/2022 Updated: 03/03/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

sha256crypt and sha512crypt up to and including 0.6 allow malicious users to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sha256crypt project sha256crypt
sha512crypt project sha512crypt

Combining the best - Canonical's Chisel with consumable SBOMs!

Results This stuff is very hacky at the moment - it was hacked together in an afternoon! Update @ 11-June-2023: Our SBOMs are now directly scannable by Trivy! Here is a scan of the chiselled stunnel container image $ trivy sbom base_image_stunnel_sbomjson 2023-06-15T23:23:51606+0530 INFO Vulnerability scanning is enabled 2023-06-15T23:23:51607+0530 INFO Detected SBOM format

CWE-770 https://twitter.com/solardiz/status/795601240151457793 https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/https://akkadia.org/drepper/SHA-crypt.txt https://nvd.nist.gov https://github.com/kholia/chisel-examples

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-20013

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect