CVE-2010-2448: Null Pointer Dereference
First published: Mon Jul 12 2010(Updated: )
znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ZNC | <=0.090 | |
| ZNC | =0.034 | |
| ZNC | =0.041 | |
| ZNC | =0.043 | |
| ZNC | =0.044 | |
| ZNC | =0.045 | |
| ZNC | =0.047 | |
| ZNC | =0.050 | |
| ZNC | =0.052 | |
| ZNC | =0.054 | |
| ZNC | =0.056 | |
| ZNC | =0.058 | |
| ZNC | =0.060 | |
| ZNC | =0.062 | |
| ZNC | =0.064 | |
| ZNC | =0.066 | |
| ZNC | =0.068 | |
| ZNC | =0.070 | |
| ZNC | =0.072 | |
| ZNC | =0.074 | |
| ZNC | =0.076 | |
| ZNC | =0.078 | |
| ZNC | =0.080 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/40982
- http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043044.html
- http://www.debian.org/security/2010/dsa-2069
- http://www.vupen.com/english/advisories/2010/1775
- http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043000.html
- http://znc.svn.sourceforge.net/viewvc/znc?revision=2026&view=revision
- http://znc.svn.sourceforge.net/viewvc/znc/trunk/znc.cpp?r1=2025&r2=2026&pathrev=2026
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584929
- http://secunia.com/advisories/40523
- http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043043.html
- http://sourceforge.net/projects/znc/files/znc/0.092/znc-0.092-changelog.txt/view
Frequently Asked Questions
What is the severity of CVE-2010-2448?
CVE-2010-2448 is classified as a denial of service vulnerability that can crash the application.
How do I fix CVE-2010-2448?
To fix CVE-2010-2448, upgrade ZNC to version 0.092 or later.
Who is affected by CVE-2010-2448?
CVE-2010-2448 affects all versions of ZNC prior to 0.092.
What kind of attack vector is exploited in CVE-2010-2448?
CVE-2010-2448 is exploited by remote authenticated users requesting traffic statistics during an active unauthenticated connection.
What are the consequences of exploiting CVE-2010-2448?
Exploitation of CVE-2010-2448 can lead to a denial of service, causing the ZNC server to crash.
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/remedy
- agent/severity
- agent/author
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/znc
- canonical/znc
- version/znc/0.090
- version/znc/0.034
- version/znc/0.041
- version/znc/0.043
- version/znc/0.044
- version/znc/0.045
- version/znc/0.047
- version/znc/0.050
- version/znc/0.052
- version/znc/0.054
- version/znc/0.056
- version/znc/0.058
- version/znc/0.060
- version/znc/0.062
- version/znc/0.064
- version/znc/0.066
- version/znc/0.068
- version/znc/0.070
- version/znc/0.072
- version/znc/0.074
- version/znc/0.076
- version/znc/0.078
- version/znc/0.080