CVE-2016-20013

Опубликовано: 19 фев. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

Ссылки

https://akkadia.org/drepper/SHA-crypt.txt
Exploit
Third Party Advisory
https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/
Exploit
Third Party Advisory
https://twitter.com/solardiz/status/795601240151457793
Third Party Advisory
https://akkadia.org/drepper/SHA-crypt.txt
Exploit
Third Party Advisory
https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/
Exploit
Third Party Advisory
https://twitter.com/solardiz/status/795601240151457793
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sha256crypt_project:sha256crypt:*:*:*:*:*:*:*:*

Версия до 0.6 (включая)

cpe:2.3:a:sha512crypt_project:sha512crypt:*:*:*:*:*:*:*:*

Версия до 0.6 (включая)

EPSS

Процентиль: 53%

0.00307

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-770

Связанные уязвимости

CVE-2016-20013

CVSS3: 7.5

ubuntu

почти 4 года назад

sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

CVE-2016-20013

CVSS3: 7.5

debian

почти 4 года назад

sha256crypt and sha512crypt through 0.6 allow attackers to cause a den ...

GHSA-7rf5-g36v-wpjh

github

почти 4 года назад

sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

EPSS

Процентиль: 53%

0.00307

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-770