2 results (0.003 seconds)

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. La implementación del protocolo Server-Server en ngIRCd versiones anteriores a 26~rc2, permite un acceso fuera de límites, como es demostrado por la función IRC_NJOIN() • https://github.com/ngircd/ngircd/issues/274 https://github.com/ngircd/ngircd/issues/277 https://github.com/ngircd/ngircd/pull/275 https://github.com/ngircd/ngircd/pull/276 https://github.com/ngircd/ngircd/releases/tag/rel-26-rc2 https://lists.debian.org/debian-lts-announce/2020/06/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJOYV5GHUFJMUVQW3TJKXZ7JPXL4W3ER https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora • CWE-125: Out-of-bounds Read •

CVSS: 2.6EPSS: 6%CPEs: 2EXPL: 1

The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in src/ngircd/conn.c in ngIRCd 13 and 14, when SSL/TLS support is present and standalone mode is disabled, allow remote attackers to cause a denial of service (application crash) by sending the MOTD command from another server in the same IRC network, possibly related to an array index error. Las funciones (1) Conn_GetCipherInfo y (2) Conn_UsesSSL en src/ngircd/conn.c en ngIRCd 13 y 14, cuando el soporte SSL/TLS está presente y activado el modo "standalone", permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) fijando el comando MOTD desde otro servidor en la misma red IRC, posiblemente relativo a un error en la indexación del array. • http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Ba=blobdiff%3Bf=src/ngircd/conn.c%3Bh=c6095a31c613bc5ca127d55b8723e15b836f1cca%3Bhp=9752a6191c7e2da5b0df64779e9cc28ad1e6241c%3Bhb=627b0b713c52406e50c84bb9459e7794262920a2%3Bhpb=95428a72ffb5214826b61d5e77f860e7ef6a6c9e http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Ba=commit%3Bh=627b0b713c52406e50c84bb9459e7794262920a2 http://ngircd.barton.de/doc/ChangeLog http://ngircd.barton.de/doc/NEWS http://secunia.com/advisories/37343 http://www.securityfocus.com/bid/37021 http://www.vupen •