Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Inspircd Security Vulnerabilities

cve
cve

CVE-2008-1925

Buffer overflow in InspIRCd before 1.1.18, when using the namesx and uhnames modules, allows remote attackers to cause a denial of service (daemon crash) via a large number of channel users with crafted nicknames, idents, and long hostnames.

6.5AI Score

0.058EPSS

2008-04-24 05:05 AM
24
cve
cve

CVE-2012-1836

Heap-based buffer overflow in dns.cpp in InspIRCd 2.0.5 might allow remote attackers to execute arbitrary code via a crafted DNS query that uses compression.

9.6AI Score

0.166EPSS

2012-03-22 03:28 AM
42
cve
cve

CVE-2012-6696

inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836.

9.8CVSS

9.2AI Score

0.166EPSS

2017-09-25 09:29 PM
31
cve
cve

CVE-2015-6674

Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete fix of CVE-2012-1836.

9.8CVSS

9.3AI Score

0.166EPSS

2017-04-13 02:59 PM
34
cve
cve

CVE-2015-8702

The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\032" (whitespace) character in a hostname.

8.6CVSS

8AI Score

0.008EPSS

2016-04-12 02:59 PM
37
cve
cve

CVE-2016-7142

The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message.

5.9CVSS

5.4AI Score

0.005EPSS

2016-09-26 03:59 PM
38
cve
cve

CVE-2019-20917

An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd se...

6.5CVSS

6.2AI Score

0.005EPSS

2020-09-11 05:15 AM
66
cve
cve

CVE-2019-20918

An issue was discovered in InspIRCd 3 before 3.1.0. The silence module contains a use after free vulnerability. This vulnerability can be used for remote crashing of an InspIRCd server by any user able to fully connect to a server.

6.5CVSS

6.5AI Score

0.001EPSS

2020-09-11 05:15 AM
41
cve
cve

CVE-2020-25269

An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server.

6.5CVSS

6.3AI Score

0.005EPSS

2020-09-11 05:15 AM
65
cve
cve

CVE-2021-33586

InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access recently deallocated memory, aka the "malformed PONG" issue.

4.3CVSS

4.4AI Score

0.001EPSS

2021-05-27 05:15 AM
91
3