Inspircd
Products
1- 11 CVEs
Recent CVEs
11| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-6674 | Cri | 0.64 | 9.8 | 0.02 | Apr 13, 2017 | Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete fix of CVE-2012-1836. | ||
| CVE-2012-6696 | Cri | 0.57 | 9.8 | 0.02 | Sep 25, 2017 | inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836. | ||
| CVE-2015-8702 | Hig | 0.49 | 8.6 | 0.02 | Apr 12, 2016 | The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\032" (whitespace) character in a hostname. | ||
| CVE-2012-6697 | Hig | 0.42 | 7.5 | 0.02 | Apr 13, 2017 | InspIRCd before 2.0.7 allows remote attackers to cause a denial of service (infinite loop). | ||
| CVE-2016-7142 | Med | 0.38 | 5.9 | 0.01 | Sep 26, 2016 | The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message. | ||
| CVE-2021-33586 | 0.00 | — | 0.01 | May 27, 2021 | InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access recently deallocated memory, aka the "malformed PONG" issue. | |||
| CVE-2019-20917 | 0.00 | — | 0.03 | Sep 11, 2020 | An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote… | |||
| CVE-2019-20918 | 0.00 | — | 0.01 | Sep 11, 2020 | An issue was discovered in InspIRCd 3 before 3.1.0. The silence module contains a use after free vulnerability. This vulnerability can be used for remote crashing of an InspIRCd server by any user able to fully connect to a server. | |||
| CVE-2020-25269 | 0.00 | — | 0.03 | Sep 11, 2020 | An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to… | |||
| CVE-2012-1836 | 0.00 | — | 0.07 | Mar 22, 2012 | Heap-based buffer overflow in dns.cpp in InspIRCd 2.0.5 might allow remote attackers to execute arbitrary code via a crafted DNS query that uses compression. | |||
| CVE-2008-1925 | 0.00 | — | 0.02 | Apr 24, 2008 | Buffer overflow in InspIRCd before 1.1.18, when using the namesx and uhnames modules, allows remote attackers to cause a denial of service (daemon crash) via a large number of channel users with crafted nicknames, idents, and long hostnames. |
- risk 0.64cvss 9.8epss 0.02
Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete fix of CVE-2012-1836.
- risk 0.57cvss 9.8epss 0.02
inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836.
- risk 0.49cvss 8.6epss 0.02
The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\032" (whitespace) character in a hostname.
- risk 0.42cvss 7.5epss 0.02
InspIRCd before 2.0.7 allows remote attackers to cause a denial of service (infinite loop).
- risk 0.38cvss 5.9epss 0.01
The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message.
- CVE-2021-33586May 27, 2021risk 0.00cvss —epss 0.01
InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access recently deallocated memory, aka the "malformed PONG" issue.
- CVE-2019-20917Sep 11, 2020risk 0.00cvss —epss 0.03
An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote…
- CVE-2019-20918Sep 11, 2020risk 0.00cvss —epss 0.01
An issue was discovered in InspIRCd 3 before 3.1.0. The silence module contains a use after free vulnerability. This vulnerability can be used for remote crashing of an InspIRCd server by any user able to fully connect to a server.
- CVE-2020-25269Sep 11, 2020risk 0.00cvss —epss 0.03
An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to…
- CVE-2012-1836Mar 22, 2012risk 0.00cvss —epss 0.07
Heap-based buffer overflow in dns.cpp in InspIRCd 2.0.5 might allow remote attackers to execute arbitrary code via a crafted DNS query that uses compression.
- CVE-2008-1925Apr 24, 2008risk 0.00cvss —epss 0.02
Buffer overflow in InspIRCd before 1.1.18, when using the namesx and uhnames modules, allows remote attackers to cause a denial of service (daemon crash) via a large number of channel users with crafted nicknames, idents, and long hostnames.