CVE-2006-1721
cyrus-sasl2 - programming error
EPSS 3.6%
Description
digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.
How to fix CVE-2006-1721
To remediate CVE-2006-1721, upgrade the affected package to one of the fixed versions listed below.
- Debian/cyrus-sasl2—upgrade to 2.1.19.dfsg1-0.2 or later
- Debian/cyrus-sasl2—upgrade to 2.1.19-1.5sarge1 or later
Is CVE-2006-1721 being exploited?
Low — EPSS is 3.6%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/cyrus-sasl2: from 0, < 2.1.19.dfsg1-0.2
- Debian/cyrus-sasl2: from 0, < 2.1.19-1.5sarge1