REDHAT-BUG-622600
First published: Mon Aug 09 2010(Updated: )
An out-of-range flaw was found in znc where if it received a "PING" from a client without an argument, std::string would throw a std::out_of_range exception which killed znc. This is fixed in subversion [1]. Some unsafe substr() calls were fixed as well. These are of lesser impact because a valid login is required in order to cause a std::out_of_range exception. This is also fixed in subversion [2]. [1] <a href="http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2093">http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2093</a> [2] <a href="http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2095">http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2095</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ZNC | <2093 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2093
- http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2095
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=622601
- https://access.redhat.com/security/cve/CVE-2010-2812
- https://access.redhat.com/security/cve/CVE-2010-2934
- https://bugzilla.redhat.com/show_bug.cgi?id=622600
- collector/redhat-bugzilla
- alias/CVE-2010-2812
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/znc
- canonical/znc