oss-sec mailing list archives

CVE Request - ZNC


From: Kurt Seifried <kurt () seifried org>
Date: Mon, 9 Aug 2010 17:36:27 -0600

Vincent Danen      2010-08-09 17:44:43 EDT

An out-of-range flaw was found in znc where if it received a "PING" from a
client without an argument, std::string would throw a std::out_of_range
exception which killed znc.  This is fixed in subversion [1].

Some unsafe substr() calls were fixed as well.  These are of lesser impact
because a valid login is required in order to cause a std::out_of_range
exception.  This is also fixed in subversion [2].

[1] http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2093
[2] http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2095

http://en.znc.in/wiki/ZNC
https://bugzilla.redhat.com/show_bug.cgi?id=622601
https://bugzilla.redhat.com/show_bug.cgi?id=622600


-- 
Kurt Seifried
kurt () seifried org
tel: 1-703-879-3176
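
The failure mode described above, as an added example that is not part of the original message and is not ZNC code: std::string::substr(pos) throws std::out_of_range only when pos > size(), so in this sketch a bare "PING" throws while "PING " with a trailing space does not. The function names and the simplified line format are assumptions.

```cpp
// Added illustration, not ZNC source; names and line format are hypothetical.
#include <iostream>
#include <stdexcept>
#include <string>

// Unsafe: assumes a space and an argument always follow the command.
// std::string::substr(pos) throws std::out_of_range when pos > size().
std::string arg_unsafe(const std::string& line) {
    std::string cmd = line.substr(0, line.find(' '));
    return line.substr(cmd.size() + 1);  // "PING": substr(5) on 4 chars throws
}

// Checked: a missing argument yields an empty string, never an exception.
std::string arg_checked(const std::string& line) {
    std::string::size_type sp = line.find(' ');
    if (sp == std::string::npos) return std::string();
    return line.substr(sp + 1);          // sp + 1 <= size(), always in range
}

enum class Outcome { Handled, Rejected };

// Containment: catch parser exceptions per line so that one malformed
// message is rejected instead of propagating and terminating the process.
template <typename Parser>
Outcome handle_line(const std::string& line, Parser parse, std::string& reply) {
    try {
        std::string arg = parse(line);
        if (line.compare(0, 4, "PING") == 0) reply = "PONG " + arg;
        return Outcome::Handled;
    } catch (const std::out_of_range&) {
        reply.clear();
        return Outcome::Rejected;
    }
}

int main() {
    // Constructed sample lines: no argument, trailing space only, normal.
    for (const char* s : {"PING", "PING ", "PING :irc.example.net"}) {
        std::string r;
        bool bad = handle_line(s, arg_unsafe, r) == Outcome::Rejected;
        bool ok = handle_line(s, arg_checked, r) == Outcome::Handled;
        std::cout << '"' << s << "\" unsafe_threw=" << bad
                  << " checked_ok=" << ok << " reply=\"" << r << "\"\n";
    }
}
```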

