Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cyrus SASL Library 空指针逆向引用拒绝服务漏洞
Vulnerability Description
SASL(Simple Authentication Security Layer)是一个简单认证安全层,它主要是用于SMTP认证。Cyrus SASL是SASL的一个实现,主要在客户端或服务器端提供身份验证。 glibc 2.17及更新的版本中的Cyrus SASL 2.1.23,2.1.26及之前的版本中存在安全漏洞,该漏洞源于程序没有正确处理crypt函数返回的NULL值。远程攻击者可借助(1)无效的salt或使用(2)DES或(3)MD5加密算法,利用该漏洞触发使用空指针逆向引用,造成拒绝服务(线
CVSS Information
N/A
Vulnerability Type
N/A