VYPR
Unrated severityNVD Advisory· Published Oct 27, 2013· Updated Jun 16, 2026

CVE-2013-4122

CVE-2013-4122

Description

Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11
  • cpe:2.3:a:cmu:cyrus-sasl:*:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:cmu:cyrus-sasl:*:*:*:*:*:*:*:*range: <=2.1.26
    • cpe:2.3:a:cmu:cyrus-sasl:1.5.28:*:*:*:*:*:*:*
    • cpe:2.3:a:cmu:cyrus-sasl:2.1.19:*:*:*:*:*:*:*
    • cpe:2.3:a:cmu:cyrus-sasl:2.1.20:*:*:*:*:*:*:*
    • cpe:2.3:a:cmu:cyrus-sasl:2.1.21:*:*:*:*:*:*:*
    • cpe:2.3:a:cmu:cyrus-sasl:2.1.22:*:*:*:*:*:*:*
    • cpe:2.3:a:cmu:cyrus-sasl:2.1.23:*:*:*:*:*:*:*
    • cpe:2.3:a:cmu:cyrus-sasl:2.1.24:*:*:*:*:*:*:*
    • cpe:2.3:a:cmu:cyrus-sasl:2.1.25:*:*:*:*:*:*:*
  • Range: <=2.1.26
  • glibc/glibcllm-fuzzy
    Range: >=2.17

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.