{"api_version":"1","generated_at":"2026-06-03T09:52:29+00:00","cve":"CVE-2013-4122","urls":{"html":"https://cve.report/CVE-2013-4122","api":"https://cve.report/api/cve/CVE-2013-4122.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2013-4122","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2013-4122"},"summary":{"title":"CVE-2013-4122","description":"Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference.","state":"PUBLISHED","assigner":"redhat","published_at":"2013-10-27 00:55:03","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-189","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2013/07/12/3","name":"http://www.openwall.com/lists/oss-security/2013/07/12/3","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"oss-security - CVE request: Cyrus-sasl NULL ptr. dereference","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2013/07/15/1","name":"http://www.openwall.com/lists/oss-security/2013/07/15/1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"oss-security - Re: CVE request: Cyrus-sasl NULL ptr. dereference","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2013/07/12/6","name":"http://www.openwall.com/lists/oss-security/2013/07/12/6","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"oss-security - Re: CVE request: Cyrus-sasl NULL ptr. dereference","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.linuxquestions.org/questions/slackware-14/%5Bslackware-current%5D-glibc-2-17-shadow-and-other-penumbrae-4175461061/","name":"https://www.linuxquestions.org/questions/slackware-14/%5Bslackware-current%5D-glibc-2-17-shadow-and-other-penumbrae-4175461061/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[Slackware-current] glibc 2.17, shadow, and other penumbrae","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://git.cyrusimap.org/cyrus-sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d","name":"http://git.cyrusimap.org/cyrus-sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch"],"title":"No page found","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"http://www.debian.org/security/2015/dsa-3368","name":"http://www.debian.org/security/2015/dsa-3368","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian -- Security Information -- DSA-3368-1 cyrus-sasl2","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-2755-1","name":"http://www.ubuntu.com/usn/USN-2755-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"USN-2755-1: Cyrus SASL vulnerability | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.gentoo.org/glsa/glsa-201309-01.xml","name":"http://security.gentoo.org/glsa/glsa-201309-01.xml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Gentoo Linux Documentation\n--\n  Cyrus-SASL: Denial of Service","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2013/07/13/1","name":"http://www.openwall.com/lists/oss-security/2013/07/13/1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"oss-security - Re: CVE request: Cyrus-sasl NULL ptr. dereference","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2013-4122","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4122","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2013","cve_id":"4122","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cmu","cpe5":"cyrus-sasl","cpe6":"1.5.28","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cmu","cpe5":"cyrus-sasl","cpe6":"2.1.19","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cmu","cpe5":"cyrus-sasl","cpe6":"2.1.20","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cmu","cpe5":"cyrus-sasl","cpe6":"2.1.21","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cmu","cpe5":"cyrus-sasl","cpe6":"2.1.22","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cmu","cpe5":"cyrus-sasl","cpe6":"2.1.23","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cmu","cpe5":"cyrus-sasl","cpe6":"2.1.24","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cmu","cpe5":"cyrus-sasl","cpe6":"2.1.25","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"1","versionEndIncluding":"2.1.26","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cmu","cpe5":"cyrus-sasl","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"2.17","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"2.18","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"2.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"2.2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"2.2.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"2.2.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"2.2.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"2.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"2.3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"2.3.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"2.3.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"2.3.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"2.3.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"2.3.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"2.3.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"2.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"2.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"2.5.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"2.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"2.6.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"2.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"2.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4122","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"2.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2013-4122","qid":"500140","title":"Alpine Linux Security Update for cyrus-sasl"},{"cve":"CVE-2013-4122","qid":"503790","title":"Alpine Linux Security Update for cyrus-sasl"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T16:30:50.049Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://git.cyrusimap.org/cyrus-sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.linuxquestions.org/questions/slackware-14/%5Bslackware-current%5D-glibc-2-17-shadow-and-other-penumbrae-4175461061/"},{"name":"GLSA-201309-01","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"http://security.gentoo.org/glsa/glsa-201309-01.xml"},{"name":"USN-2755-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-2755-1"},{"name":"[oss-security] 20130715 Re: CVE request: Cyrus-sasl NULL ptr. dereference","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2013/07/15/1"},{"name":"[oss-security] 20130713 Re: CVE request: Cyrus-sasl NULL ptr. dereference","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2013/07/13/1"},{"name":"[oss-security] 20130712 Re: CVE request: Cyrus-sasl NULL ptr. dereference","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2013/07/12/6"},{"name":"[oss-security] 20130712 CVE request: Cyrus-sasl NULL ptr. dereference","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2013/07/12/3"},{"name":"DSA-3368","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2015/dsa-3368"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2013-07-11T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2016-12-06T18:57:01.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"http://git.cyrusimap.org/cyrus-sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d"},{"tags":["x_refsource_MISC"],"url":"https://www.linuxquestions.org/questions/slackware-14/%5Bslackware-current%5D-glibc-2-17-shadow-and-other-penumbrae-4175461061/"},{"name":"GLSA-201309-01","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"http://security.gentoo.org/glsa/glsa-201309-01.xml"},{"name":"USN-2755-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-2755-1"},{"name":"[oss-security] 20130715 Re: CVE request: Cyrus-sasl NULL ptr. dereference","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2013/07/15/1"},{"name":"[oss-security] 20130713 Re: CVE request: Cyrus-sasl NULL ptr. dereference","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2013/07/13/1"},{"name":"[oss-security] 20130712 Re: CVE request: Cyrus-sasl NULL ptr. dereference","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2013/07/12/6"},{"name":"[oss-security] 20130712 CVE request: Cyrus-sasl NULL ptr. dereference","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2013/07/12/3"},{"name":"DSA-3368","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2015/dsa-3368"}]}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2013-4122","datePublished":"2013-10-27T00:00:00.000Z","dateReserved":"2013-06-12T00:00:00.000Z","dateUpdated":"2024-08-06T16:30:50.049Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2013-10-27 00:55:03","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-189","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cmu:cyrus-sasl:*:*:*:*:*:*:*:*","versionEndIncluding":"2.1.26","matchCriteriaId":"83AF5B23-4AE4-4C51-835F-1F56FDCF2211"},{"vulnerable":true,"criteria":"cpe:2.3:a:cmu:cyrus-sasl:1.5.28:*:*:*:*:*:*:*","matchCriteriaId":"392D237A-B796-461A-A1E7-66440641A2DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:cmu:cyrus-sasl:2.1.19:*:*:*:*:*:*:*","matchCriteriaId":"C2CA9C62-547C-41CD-84F5-83E81E92460A"},{"vulnerable":true,"criteria":"cpe:2.3:a:cmu:cyrus-sasl:2.1.20:*:*:*:*:*:*:*","matchCriteriaId":"246D41C8-EC36-4A4B-B1E2-2576B3B8847F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cmu:cyrus-sasl:2.1.21:*:*:*:*:*:*:*","matchCriteriaId":"6C10C223-E694-4B70-A18C-92AB77030A3A"},{"vulnerable":true,"criteria":"cpe:2.3:a:cmu:cyrus-sasl:2.1.22:*:*:*:*:*:*:*","matchCriteriaId":"17D5998D-5E76-4C94-882F-71D7EBF195C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:cmu:cyrus-sasl:2.1.23:*:*:*:*:*:*:*","matchCriteriaId":"6F102957-8951-4C5C-8933-75ABCA971818"},{"vulnerable":true,"criteria":"cpe:2.3:a:cmu:cyrus-sasl:2.1.24:*:*:*:*:*:*:*","matchCriteriaId":"0002F61E-4A9F-4BF1-B83D-4DCE0619367D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cmu:cyrus-sasl:2.1.25:*:*:*:*:*:*:*","matchCriteriaId":"4CD67A37-1E0E-4F24-8258-CEC1BFD2788C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*","matchCriteriaId":"21F23D2F-A01F-4949-A917-D1164E14EAA7"},{"vulnerable":false,"criteria":"cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*","matchCriteriaId":"64576C9A-FCD9-4410-B590-AB43F9F85D2D"},{"vulnerable":false,"criteria":"cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*","matchCriteriaId":"229AC4E3-AFBA-4EF4-8534-8FBE1E630253"},{"vulnerable":false,"criteria":"cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*","matchCriteriaId":"5B91503A-E8DC-4DFF-98D4-687B5AE41438"},{"vulnerable":false,"criteria":"cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*","matchCriteriaId":"241A4B59-7BBC-4656-93AC-7DD8BE29EB58"},{"vulnerable":false,"criteria":"cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*","matchCriteriaId":"00D0DBDC-1559-406D-AADC-12B5ABDD2BE0"},{"vulnerable":false,"criteria":"cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*","matchCriteriaId":"A5294FCC-3933-4CD5-8DFE-BCDC00F4BD18"},{"vulnerable":false,"criteria":"cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*","matchCriteriaId":"C5CA3E33-7CC6-4AC5-999A-3C46D7FD14A9"},{"vulnerable":false,"criteria":"cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*","matchCriteriaId":"CAADC158-B7EF-4135-B383-0DA43065B43E"},{"vulnerable":false,"criteria":"cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*","matchCriteriaId":"261A4A17-3B9E-46E6-897B-DB0C8358A1D5"},{"vulnerable":false,"criteria":"cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*","matchCriteriaId":"DAAC8483-5060-428B-8D8E-C30E5823BB3E"},{"vulnerable":false,"criteria":"cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*","matchCriteriaId":"44A511B6-72EC-4200-8C1C-BDE30BC2431A"},{"vulnerable":false,"criteria":"cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*","matchCriteriaId":"B03C644D-0EF9-4586-96D5-5DEE78D9D5C9"},{"vulnerable":false,"criteria":"cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:*","matchCriteriaId":"47AD8A88-DAF0-4206-8661-70075BA2AE55"},{"vulnerable":false,"criteria":"cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*","matchCriteriaId":"42AD17CD-545F-425A-92CF-0EE5F5B5F74E"},{"vulnerable":false,"criteria":"cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*","matchCriteriaId":"DC0B9503-9AD0-4A1A-BD4F-4B902BFC8E5F"},{"vulnerable":false,"criteria":"cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*","matchCriteriaId":"0660536D-7F82-4B91-8B84-704D26FE989F"},{"vulnerable":false,"criteria":"cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*","matchCriteriaId":"E2037E8C-43E8-4121-B877-1834282ACD2A"},{"vulnerable":false,"criteria":"cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*","matchCriteriaId":"AFCA5E85-9AFA-429A-AC51-8D8EC2841330"},{"vulnerable":false,"criteria":"cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*","matchCriteriaId":"D41ABE25-DECD-4068-93DA-0B85281FD93A"},{"vulnerable":false,"criteria":"cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*","matchCriteriaId":"84600406-0CE2-46EA-A5AD-4CC0D3494AB7"},{"vulnerable":false,"criteria":"cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*","matchCriteriaId":"A96FA9ED-7529-440D-984D-6340B94D8243"},{"vulnerable":false,"criteria":"cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:*:*","matchCriteriaId":"C1E91F85-7872-4290-BE7F-C966AC2773CB"},{"vulnerable":false,"criteria":"cpe:2.3:a:gnu:glibc:2.18:*:*:*:*:*:*:*","matchCriteriaId":"BC5491CD-F3D6-4B09-AE44-62285F6B462A"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2013","CveId":"4122","Ordinal":"1","Title":"CVE-2013-4122","CVE":"CVE-2013-4122","Year":"2013"},"notes":[{"CveYear":"2013","CveId":"4122","Ordinal":"1","NoteData":"Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference.","Type":"Description","Title":"CVE-2013-4122"},{"CveYear":"2013","CveId":"4122","Ordinal":"2","NoteData":"2013-10-26","Type":"Other","Title":"Published"},{"CveYear":"2013","CveId":"4122","Ordinal":"3","NoteData":"2016-12-06","Type":"Other","Title":"Modified"}]}}}