Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-2448

znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell.

Published

2010-07-12T17:30:01.377

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 3.5 (LOW)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	znc	znc	≤ 0.090	Yes
Application	znc	znc	0.034	Yes
Application	znc	znc	0.041	Yes
Application	znc	znc	0.043	Yes
Application	znc	znc	0.044	Yes
Application	znc	znc	0.045	Yes
Application	znc	znc	0.047	Yes
Application	znc	znc	0.050	Yes
Application	znc	znc	0.052	Yes
Application	znc	znc	0.054	Yes
Application	znc	znc	0.056	Yes
Application	znc	znc	0.058	Yes
Application	znc	znc	0.060	Yes
Application	znc	znc	0.062	Yes
Application	znc	znc	0.064	Yes
Application	znc	znc	0.066	Yes
Application	znc	znc	0.068	Yes
Application	znc	znc	0.070	Yes
Application	znc	znc	0.072	Yes
Application	znc	znc	0.074	Yes
Application	znc	znc	0.076	Yes
Application	znc	znc	0.078	Yes
Application	znc	znc	0.080	Yes

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584929 ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043000.html ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043043.html ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043044.html ([email protected])
http://secunia.com/advisories/40523 Vendor Advisory ([email protected])
http://sourceforge.net/projects/znc/files/znc/0.092/znc-0.092-changelog.txt/view ([email protected])
http://www.debian.org/security/2010/dsa-2069 ([email protected])
http://www.securityfocus.com/bid/40982 ([email protected])
http://www.vupen.com/english/advisories/2010/1775 Vendor Advisory ([email protected])
http://znc.svn.sourceforge.net/viewvc/znc/trunk/znc.cpp?r1=2025&r2=2026&pathrev=2026 ([email protected])
http://znc.svn.sourceforge.net/viewvc/znc?revision=2026&view=revision Patch ([email protected])
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584929 (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043000.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043043.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043044.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/40523 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://sourceforge.net/projects/znc/files/znc/0.092/znc-0.092-changelog.txt/view (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2010/dsa-2069 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/40982 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/1775 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://znc.svn.sourceforge.net/viewvc/znc/trunk/znc.cpp?r1=2025&r2=2026&pathrev=2026 (af854a3a-2127-422b-91ae-364da2661108)
http://znc.svn.sourceforge.net/viewvc/znc?revision=2026&view=revision Patch (af854a3a-2127-422b-91ae-364da2661108)