Skip to main content

Inspircd

8 CVEs product

Monthly

CVE-2021-33586 MEDIUM PATCH This Month

InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access recently deallocated memory, aka the "malformed PONG" issue. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Inspircd
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-25269 MEDIUM PATCH This Month

An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption Inspircd Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2012-6696 CRITICAL PATCH Act Now

inspircd in Debian before 2.0.7 does not properly handle unsigned integers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Debian Information Disclosure Inspircd
NVD GitHub
CVSS 3.0
9.8
EPSS
0.7%
CVE-2015-6674 CRITICAL PATCH Act Now

Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Debian Inspircd Debian Linux
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2012-6697 HIGH PATCH This Week

InspIRCd before 2.0.7 allows remote attackers to cause a denial of service (infinite loop). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Inspircd Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2016-7142 MEDIUM This Month

The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Inspircd Debian Linux
NVD GitHub
CVSS 3.0
5.9
EPSS
0.1%
CVE-2015-8702 HIGH POC PATCH This Week

The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Debian Linux Inspircd
NVD GitHub
CVSS 3.0
8.6
EPSS
0.8%
CVE-2012-1836 HIGH POC PATCH This Week

Heap-based buffer overflow in dns.cpp in InspIRCd 2.0.5 might allow remote attackers to execute arbitrary code via a crafted DNS query that uses compression. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow RCE Inspircd
NVD GitHub
CVSS 2.0
7.5
EPSS
6.4%
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access recently deallocated memory, aka the "malformed PONG" issue. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Inspircd
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

inspircd in Debian before 2.0.7 does not properly handle unsigned integers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Debian Information Disclosure Inspircd
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Debian Inspircd +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

InspIRCd before 2.0.7 allows remote attackers to cause a denial of service (infinite loop). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Inspircd Debian Linux
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM This Month

The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Inspircd Debian Linux
NVD GitHub
EPSS 1% CVSS 8.6
HIGH POC PATCH This Week

The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Debian Linux Inspircd
NVD GitHub
EPSS 6% CVSS 7.5
HIGH POC PATCH This Week

Heap-based buffer overflow in dns.cpp in InspIRCd 2.0.5 might allow remote attackers to execute arbitrary code via a crafted DNS query that uses compression. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow RCE Inspircd
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy