CVE-2010-2448

Severity

35%

Complexity

68%

Confidentiality

48%

Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'

znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell.

Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'

CVSS 2.0 Base Score 3.5. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P).

Overview

Type

ZNC

First reported 14 years ago

2010-07-12 17:30:00

Last updated 14 years ago

2010-07-12 17:30:00

Affected Software

ZNC 0.034

0.034

ZNC 0.041

0.041

ZNC 0.043

0.043

ZNC 0.044

0.044

ZNC 0.045

0.045

ZNC 0.047

0.047

ZNC 0.050

0.050

ZNC 0.052

0.052

ZNC 0.056

0.056

ZNC 0.058

0.058

ZNC 0.060

0.060

ZNC 0.062

0.062

ZNC 0.064

0.064

ZNC 0.066

0.066

ZNC 0.068

0.068

ZNC 0.070

0.070

ZNC 0.072

0.072

ZNC 0.074

0.074

ZNC 0.076

0.076

ZNC 0.078

0.078

ZNC 0.080

0.080

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584929

FEDORA-2010-10042

FEDORA-2010-10078

FEDORA-2010-10082

40523

Vendor Advisory

http://sourceforge.net/projects/znc/files/znc/0.092/znc-0.092-changelog.txt/view

DSA-2069

40982

ADV-2010-1775

Vendor Advisory

http://znc.svn.sourceforge.net/viewvc/znc/trunk/znc.cpp?r1=2025&r2=2026&pathrev=2026

http://znc.svn.sourceforge.net/viewvc/znc?revision=2026&view=revision

Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.