CVE-2010-2448

Published: Jul 12, 2010Modified: Apr 29, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:N/I:N/A:P

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell.

Affected (23)

Products: Znc: Znc

1 product

Configuration A

23 vulnerable

Vulnerable Software	Affected Versions
Znc Znc	Up to 0.090
Znc Znc	Version 0.034
Znc Znc	Version 0.041
Znc Znc	Version 0.043
Znc Znc	Version 0.044
Znc Znc	Version 0.045
Znc Znc	Version 0.047
Znc Znc	Version 0.050
Znc Znc	Version 0.052
Znc Znc	Version 0.054
Znc Znc	Version 0.056
Znc Znc	Version 0.058
Znc Znc	Version 0.060
Znc Znc	Version 0.062
Znc Znc	Version 0.064
Znc Znc	Version 0.066
Znc Znc	Version 0.068
Znc Znc	Version 0.070
Znc Znc	Version 0.072
Znc Znc	Version 0.074
Znc Znc	Version 0.076
Znc Znc	Version 0.078
Znc Znc	Version 0.080

References (22)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584929

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043000.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043043.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043044.html

Source: cve@mitre.org

http://secunia.com/advisories/40523

Source: cve@mitre.org

Vendor Advisory

http://sourceforge.net/projects/znc/files/znc/0.092/znc-0.092-changelog.txt/view

Source: cve@mitre.org

http://www.debian.org/security/2010/dsa-2069

Source: cve@mitre.org

http://www.securityfocus.com/bid/40982

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2010/1775

Source: cve@mitre.org

Vendor Advisory

http://znc.svn.sourceforge.net/viewvc/znc/trunk/znc.cpp?r1=2025&r2=2026&pathrev=2026

Source: cve@mitre.org

http://znc.svn.sourceforge.net/viewvc/znc?revision=2026&view=revision

Source: cve@mitre.org

Patch

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584929

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043043.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043044.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/40523

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://sourceforge.net/projects/znc/files/znc/0.092/znc-0.092-changelog.txt/view

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2010/dsa-2069

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/40982

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/1775

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://znc.svn.sourceforge.net/viewvc/znc/trunk/znc.cpp?r1=2025&r2=2026&pathrev=2026

Source: af854a3a-2127-422b-91ae-364da2661108

http://znc.svn.sourceforge.net/viewvc/znc?revision=2026&view=revision

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.