4.3
CVE-2013-5580
- EPSS 2.32%
- Veröffentlicht 01.10.2013 19:55:09
- Zuletzt bearbeitet 29.04.2026 01:13:23
- CVE-Watchlists
- Unerledigt
The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled, does not properly handle the return code for the Handle_Write function, which allows remote attackers to cause a denial of service (assertion failure and server crash) via unspecified vectors, related to a "notice auth" message not being sent to a new client.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.32% | 0.812 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Ba=commit%3Bh=309122017ebc6fff039a7cab1b82f632853d82d5
http://arthur.barton.de/pipermail/ngircd-ml/2013-August/000645.html
http://freecode.com/projects/ngircd/releases/357245
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115047.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115077.html
http://osvdb.org/96590
http://secunia.com/advisories/54567