UBUNTU-CVE-2013-4122

Source
https://ubuntu.com/security/CVE-2013-4122
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-4122.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2013-4122
Upstream
Related
  • USN-1988-1
  • USN-2755-1
Withdrawn
2025-07-18T16:42:54Z
Published
2013-07-18T00:00:00Z
Modified
2025-07-16T08:16:24.989300Z
Severity
  • Ubuntu - medium
Summary
[none]
Details

Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference.

References

Affected packages

Ubuntu:14.04:LTS / cyrus-sasl2

Package

Name
cyrus-sasl2
Purl
pkg:deb/ubuntu/cyrus-sasl2@2.1.25.dfsg1-17?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.1.25.dfsg1-17

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "cyrus-sasl2-dbg"
        },
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "cyrus-sasl2-doc"
        },
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "cyrus-sasl2-heimdal-dbg"
        },
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "cyrus-sasl2-mit-dbg"
        },
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "libsasl2-2"
        },
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "libsasl2-dev"
        },
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "libsasl2-modules"
        },
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "libsasl2-modules-db"
        },
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "libsasl2-modules-gssapi-heimdal"
        },
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "libsasl2-modules-gssapi-mit"
        },
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "libsasl2-modules-ldap"
        },
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "libsasl2-modules-otp"
        },
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "libsasl2-modules-sql"
        },
        {
            "binary_version": "2.1.25.dfsg1-17",
            "binary_name": "sasl2-bin"
        }
    ],
    "availability": "No subscription required"
}