CVE-2019-9917 — Improper Input Validation in ZNC

CWE-20 — Improper Input Validation9 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

1.5%

top 18.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ZNC Debian ZNC Canonical Ubuntu Linux +1 more

Timeline

PublishedMar 27

Latest updateMay 14

Description

ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/znc< znc 1.7.2-2 (bookworm)

▶Debianznc/znc< 1.7.2-2+3

▶NVDznc/znc1.7.2

Also affects: Fedora 28, 29, 30, Ubuntu Linux 18.10

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-qwh2-7wpp-c8p6: ZNC before 1↗2022-05-14

▶

OSV

CVE-2019-9917: ZNC before 1↗2019-03-27

▶

📋Vendor Advisories

Ubuntu

ZNC vulnerability↗2019-04-18

▶

Debian

CVE-2019-9917: znc - ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service...↗2019

▶

💬Community

Bugzilla

CVE-2019-12816 znc: invalid encoding leading to remote code execution↗2019-07-02

▶

Bugzilla

CVE-2019-9917 znc: crash on invalid encoding [fedora-all]↗2019-03-26

▶

Bugzilla

CVE-2019-9917 znc: crash on invalid encoding↗2019-03-26

▶

Bugzilla

CVE-2019-9917 znc: crash on invalid encoding [epel-7]↗2019-03-26

▶