Skip to main content

Ngircd

3 CVEs product

Monthly

CVE-2020-14148 HIGH PATCH This Week

The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ngircd Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2013-5580 MEDIUM PATCH This Month

The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled, does not properly handle the return code. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Ngircd
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2013-1747 MEDIUM This Month

channel.c in ngIRCd 20 and 20.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a KICK command for a user who is not on the associated channel. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ngircd
NVD
CVSS 2.0
5.0
EPSS
1.4%
EPSS 3% CVSS 7.5
HIGH PATCH This Week

The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ngircd +2
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled, does not properly handle the return code. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Ngircd
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

channel.c in ngIRCd 20 and 20.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a KICK command for a user who is not on the associated channel. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ngircd
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy