Your submission was sent successfully! Close

CVE-2014-9403

Published: 19 December 2014

The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel with the same name as an existing channel but without the leading # character, related to a "use-after-delete" error.

Priority

Medium

Status

Package Release Status
znc
Launchpad, Ubuntu, Debian
artful Not vulnerable

bionic Not vulnerable

cosmic Not vulnerable

lucid Ignored
(reached end-of-life)
precise Does not exist
(precise was needed)
trusty Does not exist
(trusty was released [1.2-3ubuntu0.1])
upstream
Released (1.2-4)
utopic Not vulnerable
(1.4-1build1)
vivid Does not exist

wily Not vulnerable

xenial Not vulnerable

yakkety Not vulnerable

zesty Not vulnerable