Vulnerabilities > Inspircd
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-27 | CVE-2021-33586 | Incorrect Permission Assignment for Critical Resource vulnerability in Inspircd 3.8.0/3.8.1/3.9.0 InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access recently deallocated memory, aka the "malformed PONG" issue. | 4.0 |
| 2020-09-11 | CVE-2020-25269 | Use After Free vulnerability in multiple products An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. | 6.5 |
| 2020-09-11 | CVE-2019-20918 | Use After Free vulnerability in Inspircd 3.0.0/3.0.1 An issue was discovered in InspIRCd 3 before 3.1.0. | 6.8 |
| 2020-09-11 | CVE-2019-20917 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. | 6.5 |
| 2017-09-25 | CVE-2012-6696 | Improper Input Validation vulnerability in Inspircd inspircd in Debian before 2.0.7 does not properly handle unsigned integers. | 7.5 |
| 2017-04-13 | CVE-2015-6674 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. | 7.5 |
| 2016-09-26 | CVE-2016-7142 | Permissions, Privileges, and Access Controls vulnerability in multiple products The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message. | 4.3 |
| 2016-04-12 | CVE-2015-8702 | Improper Input Validation vulnerability in multiple products The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\032" (whitespace) character in a hostname. | 7.8 |
| 2012-03-22 | CVE-2012-1836 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Inspircd 2.0.5 Heap-based buffer overflow in dns.cpp in InspIRCd 2.0.5 might allow remote attackers to execute arbitrary code via a crafted DNS query that uses compression. | 7.5 |
| 2008-04-24 | CVE-2008-1925 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Inspircd Buffer overflow in InspIRCd before 1.1.18, when using the namesx and uhnames modules, allows remote attackers to cause a denial of service (daemon crash) via a large number of channel users with crafted nicknames, idents, and long hostnames. | 5.0 |