CVE-2010-4341

CWE-399 | 8 documents | 7 sources
Severity
2.1 LOW
EPSS
0.2%
top 62.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 25
Latest update: May 17

Description

The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet.

CVSS vector

AV:L/AC:L/C:N/I:N/A:P
Exploitability: 3.9 | Impact: 2.9

Affected Packages (3 packages)

Debian | sssd | < 1.2.1-4.1+3
NVD | fedorahosted/sssd | 1.4.0, 1.4.1+1
NVD | fedoraproject/sssd | 1.3.0, 1.5.0+1

Patches

🔴 Vulnerability Details (3)

GHSA | GHSA-qfqv-cr9x-27pg: The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd | 2022-05-17
CVEList | CVE-2010-4341: The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd | 2011-01-25
OSV | CVE-2010-4341: The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd | 2011-01-25

📋 Vendor Advisories (2)

Red Hat | sssd: DoS in sssd PAM responder can prevent logins | 2011-01-11
Debian | CVE-2010-4341: sssd - The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM r... | 2010

💬 Community (2)

Bugzilla | CVE-2010-4341 sssd: DoS in sssd PAM responder can prevent logins [fedora-all] | 2011-01-11
Bugzilla | CVE-2010-4341 sssd: DoS in sssd PAM responder can prevent logins | 2010-12-07
CVE-2010-4341 (LOW CVSS 2.1) | The pam_parse_in_data_v2 function i | cvebase.io