Atheme

Atheme

6 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-27508

Exploit
  • EPSS 0.11%
  • Published 27.02.2024 16:15:47
  • Last modified 23.05.2025 15:40:10

Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c.

9.1

CVE-2022-24976

Exploit
  • EPSS 0.14%
  • Published 14.02.2022 12:15:27
  • Last modified 21.11.2024 06:51:29

Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.

7.8

CVE-2017-6384

  • EPSS 1.31%
  • Published 02.03.2017 06:59:00
  • Last modified 20.04.2025 01:37:25

Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service. This is fixed in 7.2.8.

7.5

CVE-2016-4478

  • EPSS 0.59%
  • Published 13.06.2016 19:59:09
  • Last modified 12.04.2025 10:46:40

Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.

7.5

CVE-2014-9773

  • EPSS 0.41%
  • Published 13.06.2016 19:59:00
  • Last modified 12.04.2025 10:46:40

modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks.

6

CVE-2012-1576

  • EPSS 1.37%
  • Published 01.10.2012 20:55:03
  • Last modified 11.04.2025 00:51:21

The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user...