Vulnerabilities > Inspircd

DATE CVE VULNERABILITY TITLE RISK
2021-05-27 CVE-2021-33586 Incorrect Permission Assignment for Critical Resource vulnerability in Inspircd 3.8.0/3.8.1/3.9.0
InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access recently deallocated memory, aka the "malformed PONG" issue.
network
low complexity
inspircd CWE-732
4.3
2020-09-11 CVE-2020-25269 Use After Free vulnerability in multiple products
An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0.
network
low complexity
inspircd debian CWE-416
6.5
2020-09-11 CVE-2019-20918 Use After Free vulnerability in Inspircd 3.0.0/3.0.1
An issue was discovered in InspIRCd 3 before 3.1.0.
network
low complexity
inspircd CWE-416
6.5
2020-09-11 CVE-2019-20917 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0.
network
low complexity
inspircd debian CWE-476
6.5
2017-09-25 CVE-2012-6696 Improper Input Validation vulnerability in Inspircd
inspircd in Debian before 2.0.7 does not properly handle unsigned integers.
network
low complexity
inspircd CWE-20
critical
9.8
2017-04-13 CVE-2015-6674 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid.
network
low complexity
inspircd debian CWE-119
critical
9.8
2016-09-26 CVE-2016-7142 Permissions, Privileges, and Access Controls vulnerability in multiple products
The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message.
network
high complexity
inspircd debian CWE-264
5.9
2016-04-12 CVE-2015-8702 Improper Input Validation vulnerability in multiple products
The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\032" (whitespace) character in a hostname.
network
low complexity
debian inspircd CWE-20
8.6