CVE-2013-5580

2013-10-0119:55:09

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.8

Confidence

Low

EPSS

0.027

Percentile

90.7%

JSON

The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled, does not properly handle the return code for the Handle_Write function, which allows remote attackers to cause a denial of service (assertion failure and server crash) via unspecified vectors, related to a “notice auth” message not being sent to a new client.

Affected configurations

Nvd

Node

bartonngircdMatch18.0

bartonngircdMatch19.0

bartonngircdMatch19.1

bartonngircdMatch20.0

bartonngircdMatch20.1

bartonngircdMatch20.2

VendorProductVersionCPE
bartonngircd18.0cpe:2.3:a:barton:ngircd:18.0:*:*:*:*:*:*:*
bartonngircd19.0cpe:2.3:a:barton:ngircd:19.0:*:*:*:*:*:*:*
bartonngircd19.1cpe:2.3:a:barton:ngircd:19.1:*:*:*:*:*:*:*
bartonngircd20.0cpe:2.3:a:barton:ngircd:20.0:*:*:*:*:*:*:*
bartonngircd20.1cpe:2.3:a:barton:ngircd:20.1:*:*:*:*:*:*:*
bartonngircd20.2cpe:2.3:a:barton:ngircd:20.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
barton	ngircd	18.0	cpe:2.3:a:barton:ngircd:18.0:::::::*
barton	ngircd	19.0	cpe:2.3:a:barton:ngircd:19.0:::::::*
barton	ngircd	19.1	cpe:2.3:a:barton:ngircd:19.1:::::::*
barton	ngircd	20.0	cpe:2.3:a:barton:ngircd:20.0:::::::*
barton	ngircd	20.1	cpe:2.3:a:barton:ngircd:20.1:::::::*
barton	ngircd	20.2	cpe:2.3:a:barton:ngircd:20.2:::::::*