8.6

CVE-2015-8702

Exploit
The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\032" (whitespace) character in a hostname.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
InspircdInspircd Version <= 2.0.18
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.28% 0.809
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.6 3.9 4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.debian.org/security/2016/dsa-3527
Vendor Advisory
http://www.inspircd.org/2015/04/16/v2019-released.html
Vendor Advisory
https://github.com/inspircd/inspircd/commit/6058483d9fbc1b904d5ae7cfea47bfcde5c5b559
Exploit
https://github.com/inspircd/inspircd/issues/1033
Exploit
https://security.gentoo.org/glsa/201512-13