CVE-2014-9403 — ZNC vulnerability

5 documents5 sources

Severity

4.0MEDIUMNVD

EPSS

1.1%

top 22.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ZNC Debian ZNC

Timeline

PublishedDec 19

Latest updateMay 17

Description

The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel with the same name as an existing channel but without the leading # character, related to a "use-after-delete" error.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/znc< znc 1.2-4 (bookworm)

▶Debianznc/znc< 1.2-4+3

▶NVDznc/znc1.2

🔴Vulnerability Details

GHSA

GHSA-7cjq-452g-rg6q: The CWebAdminMod::ChanPage function in modules/webadmin↗2022-05-17

▶

OSV

CVE-2014-9403: The CWebAdminMod::ChanPage function in modules/webadmin↗2014-12-19

▶

📋Vendor Advisories

Debian

CVE-2014-9403: znc - The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 al...↗2014

▶

💬Community

Bugzilla

CVE-2014-9403 znc: Crash while adding channels to the web admin↗2014-12-29

▶