CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-14148
https://notcve.org/view.php?id=CVE-2020-14148
The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. La implementación del protocolo Server-Server en ngIRCd versiones anteriores a 26~rc2, permite un acceso fuera de límites, como es demostrado por la función IRC_NJOIN() • https://github.com/ngircd/ngircd/issues/274 https://github.com/ngircd/ngircd/issues/277 https://github.com/ngircd/ngircd/pull/275 https://github.com/ngircd/ngircd/pull/276 https://github.com/ngircd/ngircd/releases/tag/rel-26-rc2 https://lists.debian.org/debian-lts-announce/2020/06/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJOYV5GHUFJMUVQW3TJKXZ7JPXL4W3ER https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 2%CPEs: 6EXPL: 0CVE-2013-5580
https://notcve.org/view.php?id=CVE-2013-5580
The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled, does not properly handle the return code for the Handle_Write function, which allows remote attackers to cause a denial of service (assertion failure and server crash) via unspecified vectors, related to a "notice auth" message not being sent to a new client. Las funciones (1) Conn_StartLogin y (2) cb_Read_Resolver_Result en conn.c de ngIRCd 18 hasta 20.2, cuando la opción de configuración NoticeAuth es activada, no maneja apropiadamente el código de retorno para la función HandleWrite, lo que permite a atacantes remotos causar una denegación de servicio (fallo de aserción y caída del servidor) a través de vectores no especificados, relacionado con un mensaje "notice auth" que no es enviado al nuevo cliente. • http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Ba=commit%3Bh=309122017ebc6fff039a7cab1b82f632853d82d5 http://arthur.barton.de/pipermail/ngircd-ml/2013-August/000645.html http://freecode.com/projects/ngircd/releases/357245 http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115047.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115077.html http://osvdb.org/96590 http://secunia.com/advisories/54567 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 0CVE-2013-1747
https://notcve.org/view.php?id=CVE-2013-1747
channel.c in ngIRCd 20 and 20.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a KICK command for a user who is not on the associated channel. channel.c en ngIRCd v20 y v20.1, permite a atacantes remotos provocar una denegación de servicio (error de aserción y caída) mediante un comando KICK para un usuario que no está en el canal asociado. • http://arthur.barton.de/pipermail/ngircd-ml/2013-February/000623.html http://arthur.barton.de/pipermail/ngircd-ml/2013-February/000625.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101706.html http://ngircd.barton.de/doc/NEWS http://secunia.com/advisories/52982 http://www.osvdb.com/show/osvdb/91836 https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Bh=0e63fb3fa7ac4ca048e8c2b648d2be3fd0572311 •