CVE-2013-5580
published 2013-10-01CVE-2013-5580: The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled…
PriorityP420medium4.3CVSS 2.0
AVNACMAuNCNINAP
EPSS
2.32%
81.3th percentile
The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled, does not properly handle the return code for the Handle_Write function, which allows remote attackers to cause a denial of service (assertion failure and server crash) via unspecified vectors, related to a "notice auth" message not being sent to a new client.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| barton | ngircd | — | — |
| barton | ngircd | — | — |
| barton | ngircd | — | — |
| barton | ngircd | — | — |
| barton | ngircd | — | — |
| barton | ngircd | — | — |
| debian | ngircd | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
vendor_debian4.3LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8g77-rrv8-793x: The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn
ghsa_unreviewed·2022-05-17
CVE-2013-5580 [MEDIUM] CWE-20 GHSA-8g77-rrv8-793x: The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn
The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled, does not properly handle the return code for the Handle_Write function, which allows remote attackers to cause a denial of service (assertion failure and server crash) via unspecified vectors, related to a "notice auth" message not being sent to a new client.
Debian
CVE-2013-5580: ngircd - The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in n...
vendor_debian·2013·CVSS 4.3
CVE-2013-5580 [MEDIUM] CVE-2013-5580: ngircd - The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in n...
The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled, does not properly handle the return code for the Handle_Write function, which allows remote attackers to cause a denial of service (assertion failure and server crash) via unspecified vectors, related to a "notice auth" message not being sent to a new client.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Ba=commit%3Bh=309122017ebc6fff039a7cab1b82f632853d82d5http://arthur.barton.de/pipermail/ngircd-ml/2013-August/000645.htmlhttp://freecode.com/projects/ngircd/releases/357245http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115047.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2013-September/115077.htmlhttp://osvdb.org/96590http://secunia.com/advisories/54567http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Ba=commit%3Bh=309122017ebc6fff039a7cab1b82f632853d82d5http://arthur.barton.de/pipermail/ngircd-ml/2013-August/000645.htmlhttp://freecode.com/projects/ngircd/releases/357245http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115047.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2013-September/115077.htmlhttp://osvdb.org/96590http://secunia.com/advisories/54567
2013-10-01
Published