UBUNTU-CVE-2013-4122

Source
https://ubuntu.com/security/CVE-2013-4122
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-4122.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2013-4122
Published
2013-07-18T00:00:00Z
Modified
2013-07-18T00:00:00Z
Summary
[none]
Details

Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference.

Affected packages

Ubuntu:14.04:LTS / cyrus-sasl2

Package

Name
cyrus-sasl2
Purl
pkg:deb/ubuntu/cyrus-sasl2?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.1.25.dfsg1-17

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "cyrus-sasl2-dbg"
        },
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "cyrus-sasl2-doc"
        },
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "cyrus-sasl2-heimdal-dbg"
        },
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "cyrus-sasl2-mit-dbg"
        },
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "libsasl2-2"
        },
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "libsasl2-dev"
        },
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "libsasl2-modules"
        },
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "libsasl2-modules-db"
        },
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "libsasl2-modules-gssapi-heimdal"
        },
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "libsasl2-modules-gssapi-mit"
        },
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "libsasl2-modules-ldap"
        },
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "libsasl2-modules-otp"
        },
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "libsasl2-modules-sql"
        },
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "sasl2-bin"
        }
    ]
}