exploitDog

CVE-2013-4122

Published: 12 Jul 2013
Source: redhat
CVSS2: 5
EPSS: Low

Description

Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference.
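
The failure mode described above, as an added example (not Cyrus SASL source code): a password check that treats a NULL return from the crypt function as a distinct error instead of passing it to a string comparison. The names `check_password`, `crypt_fn` and `stub_crypt` are hypothetical, and `stub_crypt` is a constructed stand-in for crypt so the example runs without libcrypt.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same signature as crypt(3); injected so the example needs no libcrypt. */
typedef char *(*crypt_fn)(const char *key, const char *salt);

/* Constructed stand-in modelling the behaviour named in the description:
 * NULL is returned on an invalid salt. The output is NOT a real hash. */
static char *stub_crypt(const char *key, const char *salt)
{
    static char out[64];
    if (salt == NULL || strlen(salt) < 2 || salt[0] == '*')
        return NULL;                      /* error path callers must handle */
    out[0] = salt[0];
    out[1] = salt[1];
    strncpy(out + 2, key, sizeof(out) - 3);
    out[sizeof(out) - 1] = '\0';
    return out;
}

enum auth_result { AUTH_OK = 0, AUTH_BAD_PASSWORD = 1, AUTH_ERROR = 2 };

/* Unchecked pattern, for contrast only (illustrative, not project code):
 *     return strcmp(stored, do_crypt(password, stored)) == 0;
 * A NULL return reaches strcmp() and the worker thread crashes (CWE-476). */

/* Hardened check: NULL from the crypt function is never dereferenced. */
enum auth_result check_password(crypt_fn do_crypt, const char *password,
                                const char *stored)
{
    if (do_crypt == NULL || password == NULL || stored == NULL)
        return AUTH_ERROR;
    const char *computed = do_crypt(password, stored);
    if (computed == NULL)
        return AUTH_ERROR;                /* fail closed and keep serving */
    return strcmp(computed, stored) == 0 ? AUTH_OK : AUTH_BAD_PASSWORD;
}

int main(void)
{
    /* Constructed sample inputs: a valid stored value and an invalid salt. */
    printf("valid=%d invalid_salt=%d\n",
           check_password(stub_crypt, "secret", "absecret"),
           check_password(stub_crypt, "secret", "*"));
    return 0;
}
```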

Report

Not Vulnerable. This issue does not affect the version of cyrus-sasl package as shipped with Red Hat Enterprise Linux 5 and 6.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | cyrus-sasl | Not affected | | |
| Red Hat Enterprise Linux 6 | cyrus-sasl | Not affected | | |
| Red Hat Enterprise Linux 7 | cyrus-sasl | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 5 | cyrus-sasl | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 6 | cyrus-sasl | Not affected | | |
| Red Hat JBoss Enterprise Web Server 2 | cyrus-sasl | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=984669 cyrus-sasl: NULL pointer dereference (DoS) when glibc v.2.17 or FIPS-140 enabled Linux system used

EPSS

Percentile: 78%
0.01179
Low

5 Medium

CVSS2

Related vulnerabilities

ubuntu
more than 12 years ago

Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference.

nvd
more than 12 years ago

Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference.

debian
more than 12 years ago

Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a ...

github
more than 3 years ago

Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference.

fstec
more than 12 years ago

A vulnerability in the Gentoo Linux operating system that allows a remote attacker to disrupt the availability of protected information
