CVE-2009-2658Path Traversal in ZNC

CWE-22Path Traversal5 documents5 sources
Severity
7.5HIGHNVD
EPSS
1.0%
top 23.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ZNCDebian ZNC
Timeline
PublishedAug 4
Latest updateMay 2

Description

Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

debiandebian/znc< znc 0.074-1 (bookworm)
Debianznc/znc< 0.074-1+3
NVDznc/znc13 versions+12

Patches

Patch: en.znc.inPatch: en.znc.in

🔴Vulnerability Details

2
GHSA
GHSA-hcc5-4c4w-p9qg: Directory traversal vulnerability in ZNC before 02022-05-02
OSV
CVE-2009-2658: Directory traversal vulnerability in ZNC before 02009-08-04

📋Vendor Advisories

1
Debian
CVE-2009-2658: znc - Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to...2009

💬Community

1
Bugzilla
ZNC: Users data directory traversal flaw via Direct Client Connection message2009-07-22
CVE-2009-2658 — Path Traversal in Debian ZNC | cvebase