CVE-2014-9403

EUVD-2014-9224
The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel with the same name as an existing channel but without the leading # character, related to a "use-after-delete" error.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Affected Products (NVD)
VendorProductVersion
zncznc
𝑥
≤ 1.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
znc
bookworm
1.8.2-3.1+deb12u1
fixed
bookworm (security)
1.8.2-3.1+deb12u1
fixed
bullseye
1.8.2-2+deb11u1
fixed
bullseye (security)
1.8.2-2+deb11u1
fixed
sid
1.9.1-2
fixed
squeeze
no-dsa
trixie
1.9.1-2
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
znc
artful
not-affected
bionic
not-affected
lucid
ignored
precise
ignored
trusty
Fixed 1.2-3ubuntu0.1
released
utopic
not-affected
vivid
not-affected
wily
not-affected
xenial
not-affected
yakkety
not-affected
zesty
not-affected
References
http://advisories.mageia.org/MGASA-2014-0543.html
http://secunia.com/advisories/57795
http://www.mandriva.com/security/advisories?name=MDVSA-2015:013
http://www.openwall.com/lists/oss-security/2014/12/18/2
http://www.securityfocus.com/bid/66926
https://github.com/znc/znc/blob/master/ChangeLog.md
https://github.com/znc/znc/issues/528
http://advisories.mageia.org/MGASA-2014-0543.html
http://secunia.com/advisories/57795
http://www.mandriva.com/security/advisories?name=MDVSA-2015:013
http://www.openwall.com/lists/oss-security/2014/12/18/2
http://www.securityfocus.com/bid/66926
https://github.com/znc/znc/blob/master/ChangeLog.md
https://github.com/znc/znc/issues/528