In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c.
2.2.1-1willsync1ubuntu0.12.2.2-2ubuntu1.12.2.2-4ubuntu1.11.8.0-2ubuntu11.8.0-2ubuntu21.8.0-2ubuntu2+esm11.8.0-8ubuntu11.8.0-8ubuntu21.8.0-8ubuntu2+esm11.8.0-8ubuntu31.8.0-8ubuntu3+esm21.8.0-8ubuntu31.8.1-11.8.1-1ubuntu0.1~esm11.10.0-41.10.0-51.10.0-5ubuntu0.1~esm1Exploitability
AV:NAC:LPR:NUI:NScope
S:UImpact
C:NI:NA:HCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H