PT-2013-1260 · Gnu+1 · Glibc+1
Mancha · Published 2013-07-18 · Updated 2016-12-08
CVE-2013-4122
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
cyrus-sasl versions prior to 2.1.26
Description
The issue is related to the improper handling of a NULL value returned by the crypt function, as implemented in glibc 2.17 and later. This can be exploited by remote attackers to cause a denial of service, resulting in thread crashes and consumption. The exploitation can occur via an invalid salt or, when FIPS-140 is enabled, through DES or MD5 encrypted passwords, triggering a NULL pointer dereference.
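The failure described above in miniature, as an added example that is not cyrus-sasl's own code: an unchecked comparison of the crypt result next to a NULL-checked one. The names `demo_crypt`, `check_unchecked`, `check_hardened` and the `AUTH_*` codes are hypothetical, and `demo_crypt` is a constructed stand-in that only imitates the NULL return on an invalid salt.

```c
#include <stdio.h>
#include <string.h>

/* Signature of crypt(3): pass the real crypt (link with -lcrypt) or the stand-in. */
typedef char *(*crypt_fn)(const char *key, const char *salt);

enum { AUTH_OK, AUTH_BAD_PASSWORD, AUTH_HASH_UNAVAILABLE };

/* Constructed stand-in imitating glibc >= 2.17: NULL when the first two salt
 * characters are outside [./0-9A-Za-z]. The "hash" it returns is a fake
 * placeholder string, not a real password hash. */
static char *demo_crypt(const char *key, const char *salt)
{
    static const char ok[] =
        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    static char out[64];
    if (!salt[0] || !salt[1] || !strchr(ok, salt[0]) || !strchr(ok, salt[1]))
        return NULL;
    snprintf(out, sizeof out, "%.2s:%s", salt, key);
    return out;
}

/* Unchecked pattern: the result goes straight into strcmp(), so a NULL
 * return is dereferenced and the thread crashes. Shown for comparison and
 * only ever called with a valid salt below. */
static int check_unchecked(crypt_fn fn, const char *pw, const char *stored)
{
    return strcmp(fn(pw, stored), stored) == 0 ? AUTH_OK : AUTH_BAD_PASSWORD;
}

/* Checked pattern: a NULL result is treated as a failed authentication. */
static int check_hardened(crypt_fn fn, const char *pw, const char *stored)
{
    const char *computed = fn(pw, stored);
    if (computed == NULL)
        return AUTH_HASH_UNAVAILABLE;   /* fail closed, no dereference */
    return strcmp(computed, stored) == 0 ? AUTH_OK : AUTH_BAD_PASSWORD;
}

int main(void)
{
    const char *stored = "ab:hunter2";  /* constructed stored value */
    printf("valid salt, unchecked:  %d\n", check_unchecked(demo_crypt, "hunter2", stored));
    printf("valid salt, hardened:   %d\n", check_hardened(demo_crypt, "hunter2", stored));
    printf("invalid salt, hardened: %d\n", check_hardened(demo_crypt, "hunter2", "!!"));
    return 0;
}
```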
Recommendations
For versions prior to 2.1.26, update to version 2.1.26 or later to resolve the issue. As a temporary workaround, consider restricting access to the crypt function to minimize the risk of exploitation.
Exploit
Fix
DoS
Affected Products
Cyrus-Sasl
Glibc