Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-2448

znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell.

Security Impact Summary

CVE-2010-2448 is a security vulnerability that . Impacting 1 product from znc organizations running these solutions should prioritize assessment and patching.

Historical Context

Documented in 2010, this vulnerability occurred amid the cloud computing expansion era, where traditional network perimeter security models were being reevaluated. Organizations were transitioning from isolated infrastructure to interconnected systems, creating new attack surfaces that vulnerabilities like this could exploit.

Published

2010-07-12T17:30:01.377

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 3.5 (LOW)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	znc	znc	≤ 0.090	Yes
Application	znc	znc	0.034	Yes
Application	znc	znc	0.041	Yes
Application	znc	znc	0.043	Yes
Application	znc	znc	0.044	Yes
Application	znc	znc	0.045	Yes
Application	znc	znc	0.047	Yes
Application	znc	znc	0.050	Yes
Application	znc	znc	0.052	Yes
Application	znc	znc	0.054	Yes
Application	znc	znc	0.056	Yes
Application	znc	znc	0.058	Yes
Application	znc	znc	0.060	Yes
Application	znc	znc	0.062	Yes
Application	znc	znc	0.064	Yes
Application	znc	znc	0.066	Yes
Application	znc	znc	0.068	Yes
Application	znc	znc	0.070	Yes
Application	znc	znc	0.072	Yes
Application	znc	znc	0.074	Yes
Application	znc	znc	0.076	Yes
Application	znc	znc	0.078	Yes
Application	znc	znc	0.080	Yes

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584929 ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043000.html ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043043.html ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043044.html ([email protected])
http://secunia.com/advisories/40523 Vendor Advisory ([email protected])
http://sourceforge.net/projects/znc/files/znc/0.092/znc-0.092-changelog.txt/view ([email protected])
http://www.debian.org/security/2010/dsa-2069 ([email protected])
http://www.securityfocus.com/bid/40982 ([email protected])
http://www.vupen.com/english/advisories/2010/1775 Vendor Advisory ([email protected])
http://znc.svn.sourceforge.net/viewvc/znc/trunk/znc.cpp?r1=2025&r2=2026&pathrev=2026 ([email protected])
http://znc.svn.sourceforge.net/viewvc/znc?revision=2026&view=revision Patch ([email protected])
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584929 (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043000.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043043.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043044.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/40523 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://sourceforge.net/projects/znc/files/znc/0.092/znc-0.092-changelog.txt/view (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2010/dsa-2069 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/40982 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/1775 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://znc.svn.sourceforge.net/viewvc/znc/trunk/znc.cpp?r1=2025&r2=2026&pathrev=2026 (af854a3a-2127-422b-91ae-364da2661108)
http://znc.svn.sourceforge.net/viewvc/znc?revision=2026&view=revision Patch (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For znc's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.