CVE-2015-8702

Published: Apr 12, 2016Modified: May 6, 2026

8.6

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 4.0

Source: NVD

Description

The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\032" (whitespace) character in a hostname.

Affected (3)

Products: Debian: Debian Linux · Inspircd: Inspircd

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Inspircd Inspircd	Up to 2.0.18

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://www.debian.org/security/2016/dsa-3527

Source: cve@mitre.org

Vendor Advisory

http://www.inspircd.org/2015/04/16/v2019-released.html

Source: cve@mitre.org

Vendor Advisory

https://github.com/inspircd/inspircd/commit/6058483d9fbc1b904d5ae7cfea47bfcde5c5b559

Source: cve@mitre.org

Exploit

https://github.com/inspircd/inspircd/issues/1033

Source: cve@mitre.org

Exploit

https://security.gentoo.org/glsa/201512-13

Source: cve@mitre.org

http://www.debian.org/security/2016/dsa-3527