CVE-2010-2448

Published: 12 July 2010

znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell.

Priority

Medium

Status

Package: znc (Launchpad, Ubuntu, Debian)

Release    Status
dapper     Does not exist
hardy      Ignored (reached end-of-life)
jaunty     Ignored (reached end-of-life)
karmic     Ignored (reached end-of-life)
lucid      Released (0.078-1ubuntu0.1)
maverick   Released (0.090-2)
natty      Released (0.090-2)
oneiric    Released (0.090-2)
precise    Released (0.090-2)
quantal    Released (0.090-2)
upstream   Released (0.092)

Patches:
upstream: http://znc.svn.sourceforge.net/viewvc/znc/trunk/znc.cpp?r1=2025&r2=2026&pathrev=2026

Notes

Author: Note
sbeattie: Debian's CVE tracker for some reason references gitolite with this CVE; I think it's an editing mistake.
mdeslaur: this is actually a typo. CVE-2010-2488 is the actual CVE number.

References

Bugs