PT-2014-6504 · Srvx · Srvx

Published

2014-09-05

Updated

2014-09-08

CVE-2014-5508

CVSS v2.0

3.5

Low

Vector

AV:N/AC:M/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions srvx version 1.3.1

Description The issue is related to multiple integer overflows in the HelpServ module, which can be exploited by remote authenticated IRCops or HelpServ bot managers. This can cause a denial of service in the form of an infinite loop. The exploitation is possible via a large value in the EmptyInterval parameter or certain other interval configurations.

Recommendations For srvx version 1.3.1, consider restricting access to the HelpServ module until a patch is available. As a temporary workaround, avoid using large values in the EmptyInterval parameter to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

CVE-2014-5508

Affected Products

Srvx

PT-2014-6504 · Srvx · Srvx

CVE-2014-5508

Weakness Enumeration

Related Identifiers

Affected Products

References · 4