Headline
CVE-2013-4412: CVE-2013-4412
slim has NULL pointer dereference when using crypt() method from glibc 2.17
Name
CVE-2013-4412
Description
slim has NULL pointer dereference when using crypt() method from glibc 2.17
Source
CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs
725902
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package
Release
Version
Status
slim (PTS)
buster
1.3.6-5.1
fixed
bullseye
1.3.6-5.2
fixed
sid, trixie, bookworm
1.3.6-5.3
fixed
The information below is based on the following data on fixed versions.
Package
Type
Release
Fixed Version
Urgency
Origin
Debian Bugs
slim
source
squeeze
(not affected)
slim
source
wheezy
(not affected)
slim
source
(unstable)
1.3.6-0.1
725902
Notes
[wheezy] - slim <not-affected> (Only exploitable with eglibc 2.17 and later)
[squeeze] - slim <not-affected> (Only exploitable with eglibc 2.17 and later)
Upstream fix: http://git.berlios.de/cgi-bin/cgit.cgi/slim/commit/?id=fbdfae3b406b1bb6f4e5e440e79b9b8bb8f071f