1. Home
  2. CVE Database
  3. CVE-2013-4122
MEDIUM · 4.3

CVE-2013-4122

Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers ...

Vulnerability Description

Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:N/A:P
Confidentiality
NONE
Integrity
NONE
Availability
PARTIAL

Affected Products

VendorProductVersions
CmuCyrus-Sasl<= 2.1.26
GnuGlibc2.2

Related Weaknesses (CWE)

CWE-189

References

FAQ

What is CVE-2013-4122?

CVE-2013-4122 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers ...

How severe is CVE-2013-4122?

CVE-2013-4122 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-4122?

Check the references section above for vendor advisories and patch information. Affected products include: Cmu Cyrus-Sasl, Gnu Glibc.