Lucene search

MitreCVE-2023-50784

HistoryDec 16, 2023 - 11:15 p.m.

CVE-2023-50784

2023-12-1623:15:40

CWE-120

mitre

web.nvd.nist.gov

cve-2023-50784

buffer overflow

websockets

unrealircd

remote code execution

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

57.0%

JSON

A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms.

Affected configurations

Nvd

Node

unrealircdunrealircdRange6.1.0–6.1.4

VendorProductVersionCPE
unrealircdunrealircd*cpe:2.3:a:unrealircd:unrealircd:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
unrealircd	unrealircd	*	cpe:2.3:a:unrealircd:unrealircd::::::::

References

forums.unrealircd.org/viewtopic.php?t=9340

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6TFYPQOKYRGPEAKOWSO6PSCBV6LUR3/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZT7QU4FCQBHYOYVD7FW5QAWNAQCSGLA/

www.unrealircd.org/index/news

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

57.0%

JSON

Related for CVE-2023-50784