CVE-2009-0759Code Injection in ZNC

CWE-94Code Injection4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.7%
top 27.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ZNCDebian ZNC
Timeline
PublishedMar 3
Latest updateMay 2

Description

Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages3 packages

debiandebian/znc< znc 0.066-1 (bookworm)
Debianznc/znc< 0.066-1+3
NVDznc/znc0.062+2

🔴Vulnerability Details

2
GHSA
GHSA-f594-w3vj-gf5c: Multiple CRLF injection vulnerabilities in webadmin in ZNC before 02022-05-02
OSV
CVE-2009-0759: Multiple CRLF injection vulnerabilities in webadmin in ZNC before 02009-03-03

📋Vendor Advisories

1
Debian
CVE-2009-0759: znc - Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow re...2009
CVE-2009-0759 — Code Injection in Debian ZNC | cvebase