PT-2014-2557 · Znc · Znc

Chauffer

Published

2013-08-22

Updated

2015-09-10

CVE-2013-2130

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions ZNC version 1.0

Description The issue allows remote authenticated users to cause a denial of service, resulting in a crash due to a NULL pointer reference. This can be achieved by sending a crafted request to specific pages, including the "editnetwork", "editchan", "addchan", or "delchan" page in the webadmin module.

Recommendations For ZNC version 1.0, as a temporary workaround, consider restricting access to the webadmin module until a patch is available. Avoid using the affected pages, such as "editnetwork", "editchan", "addchan", or "delchan", in the webadmin module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2013-2130

MGASA-2013-0257

Affected Products

Znc

PT-2014-2557 · Znc · Znc

CVE-2013-2130

Related Identifiers

Affected Products

References · 15