CVE-2013-4132

KDE-Workspace < 4.10.5 - Denial of Service via Invalid Password Handling

Title source: llm
STIX 2.1

Description

KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass.

References (5)

Core 5
Core References
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-08/msg00002.html
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2013/q3/117
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-07/msg00082.html
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2013/q3/120
Various Sources x_refsource_confirm
https://git.reviewboard.kde.org/r/111261/

Scores

EPSS 0.0083
EPSS Percentile 74.8%

Details

CWE
CWE-310
Status published
Products (3)
kde/kde-workspace < 4.10.5
kde/kde_sc < 4.10.5
opensuse/opensuse 12.2
Published Sep 16, 2013
Tracked Since Feb 18, 2026