CVE-2012-0033

Name of the Vulnerable Software and Affected Versions ZNC versions 0.200 through 0.202

Description The issue allows remote attackers to cause a denial of service, resulting in a crash, by sending a crafted DCC RESUME request. This is due to a problem in the CBounceDCCMod::OnPrivCTCP function in the bouncedcc module.

Recommendations For ZNC versions 0.200 through 0.202, consider disabling the CBounceDCCMod::OnPrivCTCP function as a temporary workaround until a patch is available. Restrict access to the bouncedcc module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.