CVE-2012-0033: ZNC vulnerability

CWE-399 | 7 documents | 5 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 0.9% (top 24.49%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Apr 8
Latest update: May 4

Description

The CBounceDCCMod::OnPrivCTCP function in bouncedcc.cpp in the bouncedcc module in ZNC 0.200 and 0.202 allows remote attackers to cause a denial of service (crash) via a crafted DCC RESUME request.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (3 packages)

debian: debian/znc < znc 0.202-2 (bookworm)
Debian: znc/znc < 0.202-2 +3
NVD: znc/znc-msvc 0.200, 0.202 +1

🔴 Vulnerability Details (2)

GHSA: GHSA-vrxc-p9x2-2r35: The CBounceDCCMod::OnPrivCTCP function in bouncedcc (2022-05-04)
OSV: CVE-2012-0033: The CBounceDCCMod::OnPrivCTCP function in bouncedcc (2014-04-08)

📋 Vendor Advisories (1)

Debian: CVE-2012-0033: znc - The CBounceDCCMod::OnPrivCTCP function in bouncedcc.cpp in the bouncedcc module ... (2012)

💬 Community (3)

Bugzilla: CVE-2012-0033 znc: denial of service flaw [fedora-all] (2012-01-10)
Bugzilla: CVE-2012-0033 znc: denial of service flaw [epel-all] (2012-01-10)
Bugzilla: CVE-2012-0033 znc: denial of service flaw (2012-01-09)