CVE-2006-1721

CWE-20 — Improper Input Validation11 documents8 sources

Severity

2.6LOW

EPSS

3.6%

top 12.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cyrus Sasl

Timeline

PublishedApr 11

Latest updateMay 3

Description

digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.

CVSS vector

AV:N/AC:H/C:N/I:N/A:PExploitability: 4.9 | Impact: 2.9

Affected Packages2 packages

▶Debiancyrus-sasl2< 2.1.19.dfsg1-0.2+3

▶NVDcyrus/sasl5 versions+4

Patches

Patch: labs.musecurity.com ↗Patch: secunia.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-x5mm-w7g6-r6fq: digestmd5↗2022-05-03

▶

CVEList

CVE-2006-1721: digestmd5↗2006-04-11

▶

OSV

CVE-2006-1721: digestmd5↗2006-04-11

▶

📋Vendor Advisories

Ubuntu

cyrus-sasl2 vulnerability↗2006-04-24

▶

Debian

CVE-2006-1721: cyrus-sasl2 - digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) lib...↗2006

▶

Red Hat

cyrus-sasl digest-md5 DoS↗2005-05-15

▶

💬Community

Bugzilla

CVE-2006-1721 cyrus-sasl digest-md5 DoS↗2007-08-15

▶

Bugzilla

CVE-2006-1721 cyrus-sasl digest-md5 DoS↗2006-05-04

▶

Bugzilla

CVE-2006-1721 cyrus-sasl digest-md5 DoS↗2006-04-24

▶

Bugzilla

CVE-2006-1721 cyrus-sasl digest-md5 DoS↗2006-04-24

▶