Vulnerabilities > Unrealircd

DATE CVE VULNERABILITY TITLE RISK
2023-12-16 CVE-2023-50784 Classic Buffer Overflow vulnerability in Unrealircd
A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open).
network
low complexity
unrealircd CWE-120
7.5
2017-08-23 CVE-2017-13649 Improper Initialization vulnerability in Unrealircd
UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command.
local
low complexity
unrealircd CWE-665
2.1
2017-01-18 CVE-2016-7144 Improper Authentication vulnerability in Unrealircd
The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
6.8
2014-05-19 CVE-2013-7384 Unspecified vulnerability in Unrealircd 3.2.10/3.2.10.1
UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL.
network
low complexity
unrealircd
5.0
2014-05-19 CVE-2013-6413 Resource Management Errors vulnerability in Unrealircd 3.2.10/3.2.10.1
Use-after-free vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors.
network
low complexity
unrealircd CWE-399
5.0
2010-06-15 CVE-2010-2075 Improper Input Validation vulnerability in Unrealircd 3.2.8.1
UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands.
network
low complexity
unrealircd CWE-20
7.5
2010-06-15 CVE-2009-4893 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Unrealircd
Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when allow::options::noident is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
6.8