Your submission was sent successfully! Close

CVE-2015-8702

Published: 12 April 2016

The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\032" (whitespace) character in a hostname.

Priority

Medium

CVSS 3 base score: 8.6

Status

Package Release Status
inspircd
Launchpad, Ubuntu, Debian
Upstream
Released (2.0.20-1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [2.0.5-1+deb7u2build0.14.04.1])