CVE-2013-5580
Last modified
CVE-2013-5580 is a vulnerability of currently unknown severity. The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled, does not properly handle the return code for the Handle_Write function, which allows remote attackers to cause a denial of service (assertion failure and server crash) via unspecified vectors, related to a "notice auth" message not being sent to a new client.. EPSS estimates a 2.32% chance of exploitation in the next 30 days.
Description
The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled, does not properly handle the return code for the Handle_Write function, which allows remote attackers to cause a denial of service (assertion failure and server crash) via unspecified vectors, related to a "notice auth" message not being sent to a new client.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Barton | Ngircd | 18.0 |
| Barton | Ngircd | 19.0 |
| Barton | Ngircd | 19.1 |
| Barton | Ngircd | 20.0 |
| Barton | Ngircd | 20.1 |
| Barton | Ngircd | 20.2 |
References
- http://secunia.com/advisories/54567Vendor Advisory
- http://secunia.com/advisories/54567Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-5580?
How severe is CVE-2013-5580?
How do I fix CVE-2013-5580?
Are you affected by CVE-2013-5580?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST