4 results (0.011 seconds)

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. La implementación del protocolo Server-Server en ngIRCd versiones anteriores a 26~rc2, permite un acceso fuera de límites, como es demostrado por la función IRC_NJOIN() • https://github.com/ngircd/ngircd/issues/274 https://github.com/ngircd/ngircd/issues/277 https://github.com/ngircd/ngircd/pull/275 https://github.com/ngircd/ngircd/pull/276 https://github.com/ngircd/ngircd/releases/tag/rel-26-rc2 https://lists.debian.org/debian-lts-announce/2020/06/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJOYV5GHUFJMUVQW3TJKXZ7JPXL4W3ER https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora • CWE-125: Out-of-bounds Read •

CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 1

ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via crafted IRC PART message, which triggers an invalid dereference. ngIRCd 0.10.x anterior a 0.10.4 y 0.11.0 anterior a 0.11.0-pre2 permite a atacantes remotos provocar denegación de servicio (caida) a través de un mensaje manipulado IRC PART, el cual dispara una referencía no valída. • http://arthur.barton.de/cgi-bin/viewcvs.cgi/ngircd/ngircd/src/ngircd/irc-channel.c?r1=1.40&r2=1.41&diff_format=h http://bugs.gentoo.org/show_bug.cgi?id=204834 http://ngircd.barton.de/doc/ChangeLog http://secunia.com/advisories/28425 http://secunia.com/advisories/28673 http://security.gentoo.org/glsa/glsa-200801-13.xml http://www.securityfocus.com/bid/27318 •

CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 0

irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause a denial of service (crash) via a JOIN command without a channel argument. El archivo irc-channel.c en ngIRCd versiones anteriores a 0.10.3, permite a atacantes remotos causar una denegación de servicio (bloqueo) por medio de un comando JOIN sin un argumento de canal. • http://arthur.barton.de/pipermail/ngircd-ml/2007-July/000292.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=451875 http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10%3Bfilename=90-remote-vulnerability.dpatch%3Batt=1%3Bbug=451875 http://ngircd.barton.de/doc/ChangeLog http://osvdb.org/39295 http://secunia.com/advisories/27692 http://www.securityfocus.com/bid/26489 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 3

Format string vulnerability in the Log_Resolver function in log.c for ngIRCd 0.8.2 and earlier, when compiled with IDENT, logging to SYSLOG, and with DEBUG enabled, allows remote attackers to execute arbitrary code. • https://www.exploit-db.com/exploits/784 http://marc.info/?l=bugtraq&m=110746413108183&w=2 http://secunia.com/advisories/14114 http://www.nosystem.com.ar/advisories/advisory-11.txt http://www.securityfocus.com/bid/12434 •