CVE-2013-5580

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled, does not properly handle the return code for the Handle_Write function, which allows remote attackers to cause a denial of service (assertion failure and server crash) via unspecified vectors, related to a "notice auth" message not being sent to a new client.

Las funciones (1) Conn_StartLogin y (2) cb_Read_Resolver_Result en conn.c de ngIRCd 18 hasta 20.2, cuando la opción de configuración NoticeAuth es activada, no maneja apropiadamente el código de retorno para la función HandleWrite, lo que permite a atacantes remotos causar una denegación de servicio (fallo de aserción y caída del servidor) a través de vectores no especificados, relacionado con un mensaje "notice auth" que no es enviado al nuevo cliente.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-08-23 CVE Reserved
2013-10-01 CVE Published
2024-09-16 CVE Updated
2024-09-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (7)

URL	Tag	Source
http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Ba=commit%3Bh=309122017ebc6fff039a7cab1b82f632853d82d5	X_refsource_confirm
http://arthur.barton.de/pipermail/ngircd-ml/2013-August/000645.html	Mailing List
http://osvdb.org/96590	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://freecode.com/projects/ngircd/releases/357245	2023-11-07

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115047.html	2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115077.html	2023-11-07
http://secunia.com/advisories/54567	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Barton Search vendor "Barton"		Ngircd Search vendor "Barton" for product "Ngircd"				18.0 Search vendor "Barton" for product "Ngircd" and version "18.0"		-		Affected
Barton Search vendor "Barton"		Ngircd Search vendor "Barton" for product "Ngircd"				19.0 Search vendor "Barton" for product "Ngircd" and version "19.0"		-		Affected
Barton Search vendor "Barton"		Ngircd Search vendor "Barton" for product "Ngircd"				19.1 Search vendor "Barton" for product "Ngircd" and version "19.1"		-		Affected
Barton Search vendor "Barton"		Ngircd Search vendor "Barton" for product "Ngircd"				20.0 Search vendor "Barton" for product "Ngircd" and version "20.0"		-		Affected
Barton Search vendor "Barton"		Ngircd Search vendor "Barton" for product "Ngircd"				20.1 Search vendor "Barton" for product "Ngircd" and version "20.1"		-		Affected
Barton Search vendor "Barton"		Ngircd Search vendor "Barton" for product "Ngircd"				20.2 Search vendor "Barton" for product "Ngircd" and version "20.2"		-		Affected