Description
Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length calculation, which leads to a buffer overflow.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- barton / ngircd0.8.2
References
- MISChttp://arthur.ath.cx/pipermail/ngircd-ml/2005-January/000228.html
- MISChttp://securitytracker.com/id?1013047
- VENDOR_ADVISORYhttp://secunia.com/advisories/14056
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/19143
- MISChttp://www.gentoo.org/security/en/glsa/glsa-200501-40.xml
- VENDOR_ADVISORYhttp://secunia.com/advisories/14059
- MISChttp://bugs.gentoo.org/show_bug.cgi?id=79705
- MISChttp://www.securityfocus.com/bid/12397