Your submission was sent successfully! Close

CVE-2019-12816

Published: 15 June 2019

Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name.

From the Ubuntu security team

It was discovered that ZNC incorrectly handled loading modules. A non-admin user could possibly use this to escalate privileges or execute arbitry code.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
znc
Launchpad, Ubuntu, Debian
bionic
Released (1.6.6-1ubuntu0.2)
cosmic
Released (1.7.1-2ubuntu0.2)
disco
Released (1.7.2-2ubuntu0.1)
precise Does not exist

trusty Does not exist

upstream
Released (1.7.2-3)
xenial
Released (1.6.3-1ubuntu0.2)
Patches:
upstream: https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311