QwikSec

Security Database

CVE

CWE

Training

CVE-2012-6084

Published: Jan 1, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybdis before 3.4.2 does not properly support capability negotiation during server handshakes, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://rabbit.dereferenced.org/~nenolod/ASA-2012-12-31.txt

x_refsource_CONFIRM

https://github.com/atheme/charybdis/commit/ac0707aa61d9c20e9b09062294701567c9f41595.patch

x_refsource_CONFIRM

http://www.stack.nl/~jilles/irc/charybdis-3.4.2.tbz2

x_refsource_CONFIRM

[oss-security] 20130101 Re: Charybdis: Improper assumptions in the server handshake code may lead to a remote crash

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_DEBIAN

http://www.ratbox.org/download/ircd-ratbox-3.0.8.tar.bz2

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.