Note:
This project will be discontinued after December 13, 2021. [more]
2019-03-27
ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding.
Products | Ubuntu_linux, Fedora, Znc |
Type | Improper Input Validation (CWE-20) |
First patch | - None (likely due to unavailable code) |
Patches | https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973 |
Links |
• https://usn.ubuntu.com/3950-1/
• https://seclists.org/bugtraq/2019/Jun/23 • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRHCMHI44AW5CJ22WV676BKFUWWCLA7T/ • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTRBTPL7WWKQ7DZ2ALDTCGYUWSE6SL3/ • https://www.debian.org/security/2019/dsa-4463 |