rpm package
opensuse/atheme&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/atheme&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-24976 | — | | | < 7.2.12-2.1 | 7.2.12-2.1 | Feb 13, 2022 | Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence. |
| CVE-2017-6384 | High | 7.5 | | < 7.2.11-1.6 | 7.2.11-1.6 | Mar 2, 2017 | Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service. This is fixed in 7.2.8. |
| CVE-2016-4478 | High | 7.5 | | < 7.2.7-1.1 | 7.2.7-1.1 | Jun 13, 2016 | Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding. |
| CVE-2014-9773 | High | 7.5 | | < 7.2.7-1.1 | 7.2.7-1.1 | Jun 13, 2016 | modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks. |