CVE-2005-0199 - Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote a

CVE-2005-0199

Summary

Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length calculation, which leads to a buffer overflow.

References

http://arthur.ath.cx/pipermail/ngircd-ml/2005-January/000228.html
http://bugs.gentoo.org/show_bug.cgi?id=79705
http://www.gentoo.org/security/en/glsa/glsa-200501-40.xml
http://www.securityfocus.com/bid/12397
http://securitytracker.com/id?1013047
http://secunia.com/advisories/14056
http://secunia.com/advisories/14059
https://exchange.xforce.ibmcloud.com/vulnerabilities/19143

Vulnerable Configurations

cpe:2.3:a:barton:ngircd:*:*:*:*:*:*:*:*
cpe:2.3:a:barton:ngircd:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 08-02-2024 - 15:43)
Impact:
Exploitability:

CWE

CWE-191

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	12397
confirm	http://bugs.gentoo.org/show_bug.cgi?id=79705
gentoo	GLSA-200501-40
mlist	[ngIRCd-ML] 20050126 ngIRCd 0.8.2
sectrack	1013047
secunia	14056 14059
xf	ngircd-listmakemask-bo(19143)

Last major update

08-02-2024 - 15:43

Published

02-05-2005 - 04:00

Last modified

08-02-2024 - 15:43