Vulnerability CVE-2020-25269
Published: 2020-09-11

Description:
An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server.

Type:

CWE-416

 (Use After Free)

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Inspircd -> Inspircd 

 References:
https://docs.inspircd.org/security/2020-01/
https://github.com/inspircd/inspircd/compare/426d1c8...b3f1db9
https://github.com/inspircd/inspircd/compare/v2.0.28...07d7dea
https://www.debian.org/security/2020/dsa-4764
Copyright 2024, cxsecurity.com

 

Back to Top