Inspircd

Inspircd

10 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2021-33586

  • EPSS 0.19%
  • Published 27.05.2021 05:15:06
  • Last modified 21.11.2024 06:09:08

InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access recently deallocated memory, aka the "malformed PONG" issue.

6.8

CVE-2019-20917

  • EPSS 0.67%
  • Published 11.09.2020 05:15:12
  • Last modified 21.11.2024 04:39:41

An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerability ...

6.8

CVE-2019-20918

  • EPSS 0.8%
  • Published 11.09.2020 05:15:12
  • Last modified 21.11.2024 04:39:41

An issue was discovered in InspIRCd 3 before 3.1.0. The silence module contains a use after free vulnerability. This vulnerability can be used for remote crashing of an InspIRCd server by any user able to fully connect to a server.

6.8

CVE-2020-25269

  • EPSS 0.67%
  • Published 11.09.2020 05:15:12
  • Last modified 21.11.2024 05:17:49

An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd ser...

9.8

CVE-2012-6696

  • EPSS 0.65%
  • Published 25.09.2017 21:29:00
  • Last modified 20.04.2025 01:37:25

inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836.

9.8

CVE-2015-6674

  • EPSS 1.6%
  • Published 13.04.2017 14:59:00
  • Last modified 20.04.2025 01:37:25

Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete fix of CVE-2012-1836.

5.9

CVE-2016-7142

  • EPSS 0.14%
  • Published 26.09.2016 15:59:03
  • Last modified 12.04.2025 10:46:40

The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message.

8.6

CVE-2015-8702

Exploit
  • EPSS 0.76%
  • Published 12.04.2016 14:59:07
  • Last modified 12.04.2025 10:46:40

The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\032" (whitespace) character in a hostname.

7.5

CVE-2012-1836

Exploit
  • EPSS 7.42%
  • Published 22.03.2012 03:28:04
  • Last modified 11.04.2025 00:51:21

Heap-based buffer overflow in dns.cpp in InspIRCd 2.0.5 might allow remote attackers to execute arbitrary code via a crafted DNS query that uses compression.

5

CVE-2008-1925

  • EPSS 1.4%
  • Published 24.04.2008 05:05:00
  • Last modified 09.04.2025 00:30:58

Buffer overflow in InspIRCd before 1.1.18, when using the namesx and uhnames modules, allows remote attackers to cause a denial of service (daemon crash) via a large number of channel users with crafted nicknames, idents, and long hostnames.