CVE-2014-9403

Published: Dec 19, 2014Modified: May 6, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel with the same name as an existing channel but without the leading # character, related to a "use-after-delete" error.

Affected (1)

Products: Znc: Znc

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Znc Znc	Up to 1.2

References (14)

http://advisories.mageia.org/MGASA-2014-0543.html

Source: cve@mitre.org

http://secunia.com/advisories/57795

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2015:013

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2014/12/18/2

Source: cve@mitre.org

http://www.securityfocus.com/bid/66926

Source: cve@mitre.org

https://github.com/znc/znc/blob/master/ChangeLog.md

Source: cve@mitre.org

https://github.com/znc/znc/issues/528

Source: cve@mitre.org

Vendor Advisory

http://advisories.mageia.org/MGASA-2014-0543.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/57795

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2015:013

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2014/12/18/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/66926

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/znc/znc/blob/master/ChangeLog.md

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/znc/znc/issues/528

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.