PT-2010-4026 · Znc · Znc
Suschman · Published 2010-07-12 · Updated 2010-07-12 · CVE-2010-2448
CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
ZNC versions prior to 0.092
Description
The issue allows remote authenticated users to cause a denial of service by requesting traffic statistics when there is an active unauthenticated connection. This triggers a NULL pointer dereference, which can be demonstrated using a traffic link in the web administration pages or the traffic command in the /znc shell.
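The bug class described above, shown as an added example that is not ZNC source code: a traffic report that walks every connection and dereferences a per-connection user pointer, next to the checked form. The types `User` and `Conn`, the function names, and the assumption that the NULL pointer is the user pointer of a connection that has not yet authenticated are all hypothetical.

```cpp
#include <cstdint>
#include <map>
#include <string>
#include <vector>

// Hypothetical, simplified model (not ZNC source): a connection carries a
// user pointer that stays null until the client has authenticated.
struct User { std::string name; };
struct Conn {
    const User* user;         // nullptr while unauthenticated (assumption)
    std::uint64_t bytes_in;
    std::uint64_t bytes_out;
};

using Traffic = std::map<std::string, std::uint64_t>;

// Flawed pattern: assumes every connection already has a user. A single
// unauthenticated connection in the list turns c.user->name into a NULL
// dereference and the process dies. Shown for contrast only, never called.
Traffic traffic_unchecked(const std::vector<Conn>& conns) {
    Traffic t;
    for (const Conn& c : conns)
        t[c.user->name] += c.bytes_in + c.bytes_out;
    return t;
}

// Checked pattern: test the pointer first and account unauthenticated
// traffic under its own bucket instead of dereferencing it.
Traffic traffic_checked(const std::vector<Conn>& conns) {
    Traffic t;
    for (const Conn& c : conns) {
        const std::string key = c.user ? c.user->name : "<unauthenticated>";
        t[key] += c.bytes_in + c.bytes_out;
    }
    return t;
}

// Constructed sample: two authenticated connections and one still logging in.
Traffic sample_report() {
    static const User alice{"alice"};
    const std::vector<Conn> conns = {
        {&alice, 100, 50}, {nullptr, 7, 3}, {&alice, 10, 5}};
    return traffic_checked(conns);
}
```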
Recommendations
For versions prior to 0.092, update to version 0.092 or later to resolve the issue. As a temporary workaround, consider restricting access to traffic statistics when there are active unauthenticated connections to minimize the risk of exploitation.
Affected Products
Znc