VDB
CVE-2013-4132
CVE-2013-4132
PUBLISHED
CVSS 5 MEDIUM
KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass.
EPSS 0.83% · 75.0th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
0.83%
75.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| kde | kde-workspace | 0 |
| opensuse | opensuse | 12.2 |
| kde | kde_sc | 0 |
Exploit Intelligence
- openSUSE-SU-2013:1291 (circl)
- [oss-security] 20130716 Re: CVE Request -- kde-workspace 4.10.5 fixing two security flaws (circl)
- openSUSE-SU-2013:1253 (circl)
- [oss-security] 20130716 Re: CVE Request -- kde-workspace 4.10.5 fixing two security flaws (circl)
- https://git.reviewboard.kde.org/r/111261/ (circl)
Timeline
- Sep 16, 2013 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- openSUSE-SU-2013:1291 vendor-advisory
- [oss-security] 20130716 Re: CVE Request -- kde-workspace 4.10.5 fixing two security flaws mailing-list
- openSUSE-SU-2013:1253 vendor-advisory
- [oss-security] 20130716 Re: CVE Request -- kde-workspace 4.10.5 fixing two security flaws mailing-list
- https://git.reviewboard.kde.org/r/111261/ url
- https://nvd.nist.gov/vuln/detail/CVE-2013-4132 advisory
- https://git.reviewboard.kde.org/r/111261 url