CVE-2013-2130 - ZNC 1.0 allows remote authenticated users to cause a denial of service (NULL pointer reference and c

CVE-2013-2130

Summary

ZNC 1.0 allows remote authenticated users to cause a denial of service (NULL pointer reference and crash) via a crafted request to the (1) editnetwork, (2) editchan, (3) addchan, or (4) delchan page in modules/webadmin.cpp. Per: http://cwe.mitre.org/data/definitions/476.html "CWE-476: NULL Pointer Dereference"

References

Vulnerable Configurations

cpe:2.3:a:znc:znc:1.0:*:*:*:*:*:*:*
cpe:2.3:a:znc:znc:1.0:*:*:*:*:*:*:*

CVSS

Base:	4.0 (as of 10-09-2015 - 15:24)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:N/A:P

refmap via4

confirm	http://advisories.mageia.org/MGASA-2013-0257.html https://github.com/znc/znc/commit/2bd410ee5570cea127233f1133ea22f25174eb28
fedora	FEDORA-2013-14123 FEDORA-2013-14132
mandriva	MDVSA-2015:013
mlist	[oss-security] 20130530 Re: CVE request: znc: null pointer dereference in webadmin
secunia	53450

Last major update

10-09-2015 - 15:24

Published

05-06-2014 - 20:55

Last modified

10-09-2015 - 15:24