CVE-2013-5580 ngircd

Metadata

medium
4.3
ngircd
CVE-2013-5580
2017-12-30 18:04
CVE-2013-5580
2017-12-29 21:05
2017-06-18 07:05
2017-06-16 19:06
2017-04-01 19:11
2017-01-05 20:17

Description

The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled, does not properly handle the return code for the Handle_Write function, which allows remote attackers to cause a denial of service (assertion failure and server crash) via unspecified vectors, related to a "notice auth" message not being sent to a new client.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

None

Unaffected

Release Package Reason
stretch ngircd
jessie ngircd
buster ngircd
wheezy ngircd
sid ngircd