📦

cyrus-sasl

Vendor: cmu

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 2 Total Indexed

Avg. EPSS 1.17% Exploit Prob.

Latest CVE CVE-2013-4122 Oct 27

Security Vulnerability Index

Page 1 / 1

4.3 CVSS

CVE-2013-4122

Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference.

EPSS: 1.17%

Severity: MEDIUM

Oct 27, 2013

Displaying 1 of 2 Total Entries

Total 1 Sections