CVE-2010-2448
Last modified
CVE-2010-2448 is a vulnerability of currently unknown severity. znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell.. EPSS estimates a 2.06% chance of exploitation in the next 30 days.
Description
znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Znc | Znc | <= 0.090 |
| Znc | Znc | 0.034 |
| Znc | Znc | 0.041 |
| Znc | Znc | 0.043 |
| Znc | Znc | 0.044 |
| Znc | Znc | 0.045 |
| Znc | Znc | 0.047 |
| Znc | Znc | 0.050 |
| Znc | Znc | 0.052 |
| Znc | Znc | 0.054 |
| Znc | Znc | 0.056 |
| Znc | Znc | 0.058 |
| Znc | Znc | 0.060 |
| Znc | Znc | 0.062 |
| Znc | Znc | 0.064 |
| Znc | Znc | 0.066 |
| Znc | Znc | 0.068 |
| Znc | Znc | 0.070 |
| Znc | Znc | 0.072 |
| Znc | Znc | 0.074 |
| Znc | Znc | 0.076 |
| Znc | Znc | 0.078 |
| Znc | Znc | 0.080 |
References
- http://secunia.com/advisories/40523Vendor Advisory
- http://www.vupen.com/english/advisories/2010/1775Vendor Advisory
- http://secunia.com/advisories/40523Vendor Advisory
- http://www.vupen.com/english/advisories/2010/1775Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2010-2448?
How severe is CVE-2010-2448?
How do I fix CVE-2010-2448?
Are you affected by CVE-2010-2448?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST