CVE-2009-0759

Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
zncznc
𝑥
≤ 0.062
zncznc
0.056
zncznc
0.058
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
znc
bullseye (security)
1.8.2-2+deb11u1
fixed
bullseye
1.8.2-2+deb11u1
fixed
bookworm
1.8.2-3.1+deb12u1
fixed
bookworm (security)
1.8.2-3.1+deb12u1
fixed
sid
1.9.1-2
fixed
trixie
1.9.1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
znc
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
ignored
intrepid
ignored
hardy
ignored
gutsy
ignored
dapper
dne