Atheme
by Atheme
Source repositories
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6384 | Hig | 0.49 | 7.5 | 0.02 | Mar 2, 2017 | Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service. This is fixed in 7.2.8. | ||
| CVE-2016-4478 | Hig | 0.49 | 7.5 | 0.02 | Jun 13, 2016 | Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding. | ||
| CVE-2014-9773 | Hig | 0.42 | 7.5 | 0.02 | Jun 13, 2016 | modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks. | ||
| CVE-2024-27508 | 0.00 | — | 0.01 | Feb 27, 2024 | Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c. | |||
| CVE-2022-24976 | 0.00 | — | 0.02 | Feb 13, 2022 | Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence. | |||
| CVE-2012-1576 | 0.00 | — | 0.02 | Oct 1, 2012 | The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of… |
- risk 0.49cvss 7.5epss 0.02
Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service. This is fixed in 7.2.8.
- risk 0.49cvss 7.5epss 0.02
Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.
- risk 0.42cvss 7.5epss 0.02
modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks.
- CVE-2024-27508Feb 27, 2024risk 0.00cvss —epss 0.01
Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c.
- CVE-2022-24976Feb 13, 2022risk 0.00cvss —epss 0.02
Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.
- CVE-2012-1576Oct 1, 2012risk 0.00cvss —epss 0.02
The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of…