CVE-2009-4652 ngircd

Metadata

low
2.6
ngircd
CVE-2009-4652
2017-12-30 18:04
CVE-2009-4652
2017-12-29 21:05
2017-06-18 07:05
2017-06-16 18:52
2017-04-01 19:11
2017-01-05 20:17

Description

The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in src/ngircd/conn.c in ngIRCd 13 and 14, when SSL/TLS support is present and standalone mode is disabled, allow remote attackers to cause a denial of service (application crash) by sending the MOTD command from another server in the same IRC network, possibly related to an array index error.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
buster ngircd 15-0.1
jessie ngircd 15-0.1
sid ngircd 15-0.1
stretch ngircd 15-0.1
wheezy ngircd 15-0.1