QwikSec

Security Database

CVE

CWE

Training

CVE-2009-4652

Published: Feb 26, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in src/ngircd/conn.c in ngIRCd 13 and 14, when SSL/TLS support is present and standalone mode is disabled, allow remote attackers to cause a denial of service (application crash) by sending the MOTD command from another server in the same IRC network, possibly related to an array index error.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Ba=blobdiff%3Bf=src/ngircd/conn.c%3Bh=c6095a31c613bc5ca127d55b8723e15b836f1cca%3Bhp=9752a6191c7e2da5b0df64779e9cc28ad1e6241c%3Bhb=627b0b713c52406e50c84bb9459e7794262920a2%3Bhpb=95428a72ffb5214826b61d5e77f860e7ef6a6c9e

x_refsource_MISC

http://ngircd.barton.de/doc/ChangeLog

x_refsource_CONFIRM

http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Ba=commit%3Bh=627b0b713c52406e50c84bb9459e7794262920a2

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

http://ngircd.barton.de/doc/NEWS

x_refsource_CONFIRM

ngircd-ssltls-dos(54272)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.