CVE-2010-0303

EPSS 14.55%
Veröffentlicht 04.02.2010 20:15:23
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

mystring.c in hybserv in IRCD-Hybrid (aka Hybrid2 IRC Services) 1.9.2 through 1.9.4 allows remote attackers to cause a denial of service (daemon crash) via a ":help \t" private message to the MemoServ service.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dinko Korunic ≫ Hybserv2 Version1.9.2

Dinko Korunic ≫ Hybserv2 Version1.9.3

Dinko Korunic ≫ Hybserv2 Version1.9.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	14.55%	0.938

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550389

http://marc.info/?l=oss-security&m=126476591925300&w=2

http://secunia.com/advisories/38350

Vendor Advisory

http://secunia.com/advisories/38352

Vendor Advisory

http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2.diff.gz

Patch

http://www.debian.org/security/2010/dsa-1982

http://www.securityfocus.com/bid/38006

https://exchange.xforce.ibmcloud.com/vulnerabilities/55992

https://nvd.nist.gov/vuln/detail/CVE-2010-0303