VYPR

Unrealircd

by Unrealircd

CVEs (10)

  • CVE-2016-7144HigJan 18, 2017
    risk 0.53cvss 8.1epss 0.01

    The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.

  • CVE-2017-13649MedAug 23, 2017
    risk 0.36cvss 5.5epss 0.00

    UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat…

  • CVE-2010-2075Jun 15, 2010
    risk 0.10cvss epss 0.84

    UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands.

  • CVE-2006-1214Mar 14, 2006
    risk 0.03cvss epss 0.04

    UnrealIRCd 3.2.3 allows remote attackers to cause an unspecified denial of service by causing a linked server to send malformed TKL Q:Line commands, as demonstrated by "TKL - q\x08Q *\x08PoC."

  • CVE-2023-50784Dec 16, 2023
    risk 0.00cvss epss 0.02

    A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms.

  • CVE-2013-7384May 19, 2014
    risk 0.00cvss epss 0.02

    UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. NOTE: this issue was SPLIT from CVE-2013-6413 per ADT2 due to different vulnerability types.

  • CVE-2013-6413May 19, 2014
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7384 was assigned for the NULL pointer…

  • CVE-2009-4893Jun 15, 2010
    risk 0.00cvss epss 0.03

    Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when allow::options::noident is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

  • CVE-2004-0679Aug 6, 2004
    risk 0.00cvss epss 0.02

    The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and possibly other versions, uses a weak hashing scheme to hide IP addresses, which could allow remote attackers to use brute force methods to gain other user's IP addresses.

  • CVE-2002-1675Dec 31, 2002
    risk 0.00cvss epss 0.03

    Format string vulnerability in the Cio_PrintF function of cio_main.c in Unreal IRCd 3.1.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers.