Carnegie Mellon University Cyrus SASL 2.1.19
Approved changes feed: RSS · Atom
cpe:2.3:a:cmu:cyrus-sasl:2.1.19:*:*:*:*:*:*:*
part: a version: 2.1.19 update: *
| Vendor | Cmu (d8fc24cc-efa9-507c-a308-194264732bb6) |
|---|---|
| Product | Cyrus Sasl (41111b94-30e5-5bf0-99e8-7c7676537e2e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/cyrus-sasl2 |
purl2cpe | 2026-06-01 10:11:52.277144 |
pkg:deb/ubuntu/cyrus-sasl2 |
purl2cpe | 2026-06-01 10:11:52.277145 |
pkg:github/cyrusimap/cyrus-sasl |
purl2cpe | 2026-06-01 10:11:52.277146 |
pkg:gitlab/redhat/cyrus-sasl |
purl2cpe | 2026-06-01 10:11:52.277148 |
pkg:rpm/centos/cyrus-sasl |
purl2cpe | 2026-06-01 10:11:52.277149 |
pkg:rpm/fedora/cyrus-sasl |
purl2cpe | 2026-06-01 10:11:52.277150 |
pkg:rpm/opensuse/cyrus-sasl |
purl2cpe | 2026-06-01 10:11:52.277157 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2013-4122 |
vulnerable | 2026-06-08 05:04:33.862147 |
Details available
Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference.
Published: 2013-10-27T00:00:00.000Z
Updated: 2024-08-06T16:30:50.049Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.