CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 0CVE-2006-1721 – cyrus-sasl digest-md5 DoS
https://notcve.org/view.php?id=CVE-2006-1721
11 Apr 2006 — digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation. • ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 16EXPL: 0CVE-2004-0884
https://notcve.org/view.php?id=CVE-2004-0884
21 Oct 2004 — The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=134657 •
CVSS: 9.8EPSS: 4%CPEs: 86EXPL: 0CVE-2005-0373
https://notcve.org/view.php?id=CVE-2005-0373
07 Oct 2004 — Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code. • http://www.gentoo.org/security/en/glsa/glsa-200410-05.xml •