CVE-2013-2130 — ZNC vulnerability

8 documents6 sources

Severity

4.0MEDIUMNVD

EPSS

1.1%

top 22.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ZNC Debian ZNC

Timeline

PublishedJun 5

Latest updateMay 17

Description

ZNC 1.0 allows remote authenticated users to cause a denial of service (NULL pointer reference and crash) via a crafted request to the (1) editnetwork, (2) editchan, (3) addchan, or (4) delchan page in modules/webadmin.cpp.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/znc< znc 1.0-5 (bookworm)

▶Debianznc/znc< 1.0-5+3

▶NVDznc/znc1.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-fx7f-7phm-xwv9: ZNC 1↗2022-05-17

▶

OSV

CVE-2013-2130: ZNC 1↗2014-06-05

▶

💥Exploits & PoCs

Exploit-DB

HylaFAX+ 5.2.4 > 5.5.3 - Buffer Overflow↗2013-10-02

▶

📋Vendor Advisories

Debian

CVE-2013-2130: znc - ZNC 1.0 allows remote authenticated users to cause a denial of service (NULL poi...↗2013

▶

💬Community

Bugzilla

CVE-2013-2130 znc: NULL pointer dereference in webadmin [epel-all]↗2013-05-29

▶

Bugzilla

CVE-2013-2130 znc: NULL pointer dereference in webadmin↗2013-05-29

▶

Bugzilla

CVE-2013-2130 znc: NULL pointer dereference in webadmin [fedora-all]↗2013-05-29

▶