CVE-2013-5580

2013-10-0119:55:09

CWE-20

mitre

web.nvd.nist.gov

cve-2013-5580

conn_startlogin

cb_read_resolver_result

ngircd

denial of service

assertion failure

server crash

information security

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.8

Confidence

Low

EPSS

0.027

Percentile

90.7%

JSON

The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled, does not properly handle the return code for the Handle_Write function, which allows remote attackers to cause a denial of service (assertion failure and server crash) via unspecified vectors, related to a “notice auth” message not being sent to a new client.

Affected configurations

Nvd

Node

bartonngircdMatch18.0

bartonngircdMatch19.0

bartonngircdMatch19.1

bartonngircdMatch20.0

bartonngircdMatch20.1

bartonngircdMatch20.2

VendorProductVersionCPE
bartonngircd18.0cpe:2.3:a:barton:ngircd:18.0:*:*:*:*:*:*:*
bartonngircd19.0cpe:2.3:a:barton:ngircd:19.0:*:*:*:*:*:*:*
bartonngircd19.1cpe:2.3:a:barton:ngircd:19.1:*:*:*:*:*:*:*
bartonngircd20.0cpe:2.3:a:barton:ngircd:20.0:*:*:*:*:*:*:*
bartonngircd20.1cpe:2.3:a:barton:ngircd:20.1:*:*:*:*:*:*:*
bartonngircd20.2cpe:2.3:a:barton:ngircd:20.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
barton	ngircd	18.0	cpe:2.3:a:barton:ngircd:18.0:::::::*
barton	ngircd	19.0	cpe:2.3:a:barton:ngircd:19.0:::::::*
barton	ngircd	19.1	cpe:2.3:a:barton:ngircd:19.1:::::::*
barton	ngircd	20.0	cpe:2.3:a:barton:ngircd:20.0:::::::*
barton	ngircd	20.1	cpe:2.3:a:barton:ngircd:20.1:::::::*
barton	ngircd	20.2	cpe:2.3:a:barton:ngircd:20.2:::::::*