CVE-2010-2812Improper Input Validation in ZNC

CWE-20Improper Input Validation5 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
2.3%
top 15.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ZNCDebian ZNC
Timeline
PublishedAug 17
Latest updateMay 17

Description

Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of service (exception and daemon crash) via a PING command that lacks an argument.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

debiandebian/znc< znc 0.092-2 (bookworm)
Debianznc/znc< 0.092-2+3
NVDznc/znc0.092

🔴Vulnerability Details

2
GHSA
GHSA-gpw8-p7v2-85hm: Client2022-05-17
OSV
CVE-2010-2812: Client2010-08-17

📋Vendor Advisories

1
Debian
CVE-2010-2812: znc - Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of service (ex...2010

💬Community

1
Bugzilla
CVE-2010-2812 CVE-2010-2934 znc: multiple out-of-range errors can crash znc2010-08-09
CVE-2010-2812 — Improper Input Validation in Debian ZNC | cvebase