CVE-2012-1502

Double free vulnerability in the PyPAM_conv in PAMmodule.c in PyPam 0.5.0 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a NULL byte in a password string.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
VendorProductVersion
pypampypam
𝑥
≤ 0.5.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
python-pam
bullseye
0.4.2-13.4
fixed
bookworm
0.4.2-16
fixed
sid
0.4.2-19
fixed
trixie
0.4.2-19
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python-pam
oneiric
Fixed 0.4.2-12.2ubuntu2.11.10.1
released
natty
Fixed 0.4.2-12.2ubuntu2.11.04.1
released
maverick
Fixed 0.4.2-12.1ubuntu1.10.10.1
released
lucid
Fixed 0.4.2-12.1ubuntu1.10.04.1
released
hardy
ignored
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2012-04/msg00027.html
http://secunia.com/advisories/48312
http://secunia.com/advisories/48332
http://secunia.com/advisories/48746
http://ubuntu.com/usn/usn-1395-1
http://www.debian.org/security/2012/dsa-2430
http://www.lsexperts.de/advisories/lse-2012-03-01.txt
http://www.osvdb.org/79892
https://exchange.xforce.ibmcloud.com/vulnerabilities/73857
https://security.gentoo.org/glsa/201507-09
http://lists.opensuse.org/opensuse-updates/2012-04/msg00027.html
http://secunia.com/advisories/48312
http://secunia.com/advisories/48332
http://secunia.com/advisories/48746
http://ubuntu.com/usn/usn-1395-1
http://www.debian.org/security/2012/dsa-2430
http://www.lsexperts.de/advisories/lse-2012-03-01.txt
http://www.osvdb.org/79892
https://exchange.xforce.ibmcloud.com/vulnerabilities/73857
https://security.gentoo.org/glsa/201507-09