Denial of Service Vulnerability in ZNC by Null Pointer Dereference
CVE-2014-9403

Currently unrated

Key Information:

Vendor

Znc

Status
Znc
Vendor
CVE Published:
19 December 2014

What is CVE-2014-9403?

The CWebAdminMod::ChanPage function in ZNC versions prior to 1.4 is susceptible to a denial of service attack. Remote authenticated users can exploit this vulnerability by creating a channel that has the same name as an existing channel, albeit without the leading # character. This action can lead to a NULL pointer dereference, resulting in a system crash. The issue stems from a 'use-after-delete' error, emphasizing the need for proper validation in channel naming to safeguard system stability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://advisories.mageia.org/MGASA-2014-0543.html
x_refsource_CONFIRM
https://github.com/znc/znc/issues/528
x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-20...
vendor-advisoryx_refsource_MANDRIVA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.