Inspircd

inspircd

10 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-33586 1Inspircd 1Inspircd Nov 21, 2024 May 27, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access recently deallocated memory, aka the "malformed PONG" issue.
CVE-2020-25269 2Debian Inspircd 2Debian Linux Inspircd Nov 21, 2024 Sep 11, 2020 N/A· v4 6.5 MEDIUM· v3 6.8 MEDIUM· v2 An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remo...Show more An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server.Show less
CVE-2019-20918 1Inspircd 1Inspircd Nov 21, 2024 Sep 11, 2020 N/A· v4 6.5 MEDIUM· v3 6.8 MEDIUM· v2 An issue was discovered in InspIRCd 3 before 3.1.0. The silence module contains a use after free vulnerability. This vulnerability can be used for remote crashing of an InspIRCd server by any user able to fully connect t...Show more An issue was discovered in InspIRCd 3 before 3.1.0. The silence module contains a use after free vulnerability. This vulnerability can be used for remote crashing of an InspIRCd server by any user able to fully connect to a server.Show less
CVE-2019-20917 2Debian Inspircd 2Debian Linux Inspircd Nov 21, 2024 Sep 11, 2020 N/A· v4 6.5 MEDIUM· v3 6.8 MEDIUM· v2 An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqlope...Show more An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server.Show less
CVE-2012-6696 1Inspircd 1Inspircd May 13, 2026 Sep 25, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836.
CVE-2015-6674 2Debian Inspircd 2Debian Linux Inspircd May 13, 2026 Apr 13, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete fix of CVE-2012-183...Show more Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete fix of CVE-2012-1836.Show less
CVE-2016-7142 2Debian Inspircd 2Debian Linux Inspircd May 6, 2026 Sep 26, 2016 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a cr...Show more The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message.Show less
CVE-2015-8702 2Debian Inspircd 2Debian Linux Inspircd May 6, 2026 Apr 12, 2016 N/A· v4 8.6 HIGH· v3 7.8 HIGH· v2 The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\032" (whitespace) char...Show more The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\032" (whitespace) character in a hostname.Show less
CVE-2012-1836 1Inspircd 1Inspircd Apr 29, 2026 Mar 22, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 Heap-based buffer overflow in dns.cpp in InspIRCd 2.0.5 might allow remote attackers to execute arbitrary code via a crafted DNS query that uses compression.
CVE-2008-1925 1Inspircd 1Inspircd Apr 23, 2026 Apr 24, 2008 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Buffer overflow in InspIRCd before 1.1.18, when using the namesx and uhnames modules, allows remote attackers to cause a denial of service (daemon crash) via a large number of channel users with crafted nicknames, idents...Show more Buffer overflow in InspIRCd before 1.1.18, when using the namesx and uhnames modules, allows remote attackers to cause a denial of service (daemon crash) via a large number of channel users with crafted nicknames, idents, and long hostnames.Show less