CVE-2019-20917

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions InspIRCd versions prior to 2.0.28 InspIRCd versions prior to 3.3.0

Description The issue is related to a NULL pointer dereference in the mysql module of InspIRCd when built against mariadb-connector-c 3.0.5 or newer. This can be exploited for remote crashing of an InspIRCd server by any user able to connect to it, particularly when combined with the sqlauth or sqloper modules. The vulnerability is associated with pointer dereference errors, which can allow a remote attacker to cause a denial of service.

Recommendations For InspIRCd versions prior to 2.0.28, update to version 2.0.28 or later. For InspIRCd versions prior to 3.3.0, update to version 3.3.0 or later.

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2020-3126

ALT-PU-2020-3171

ALT-PU-2024-11122

BDU:2022-06171

CVE-2019-20917

DLA-2375-1

DSA-4764-1

USN-7405-1

Affected Products

Alt Linux

Inspircd

Linuxmint

Ubuntu

Mariadb Connector/C

CVE-2019-20917

Weakness Enumeration

Related Identifiers

Affected Products

References · 19