CVE-2019-12816

Published: Jun 15, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name.

Affected (1)

Products: Znc: Znc

Znc

1 product

Znc

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Znc Znc	Up to 1.7.3

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (22)

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00037.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00018.html

Source: cve@mitre.org

https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/znc/znc/compare/be1b6bc...d1997d6

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/06/msg00017.html

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4O24TQOB73X57GACLZVMRVUK4UKHLE5G/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHR6OD52FQAG5ZPZ42NJM2T765C3V2XC/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEESIGRNFLZUWXZPDGXAZ7JZTHYBDJ7G/

Source: cve@mitre.org

https://seclists.org/bugtraq/2019/Jun/23

Source: cve@mitre.org

Third Party Advisory

https://security.gentoo.org/glsa/201908-15

Source: cve@mitre.org

https://usn.ubuntu.com/4044-1/

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00037.html