GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Fri Jul 09, 2021 5:26 am Post subject: [ GLSA 202107-22 ] InspIRCd |
 |
|
Gentoo Linux Security Advisory
Title: InspIRCd: Information disclosure (GLSA 202107-22)
Severity: low
Exploitable: remote
Date: 2021-07-09
Bug(s): #791589
ID: 202107-22
Synopsis
An information disclosure vulnerability in InspIRCd may allow
remote attackers to obtain sensitive information.
Background
InspIRCd is a modular Internet Relay Chat (IRC) server written in C++
which was created from scratch to be stable, modern and lightweight.
Affected Packages
Package: net-irc/inspircd
Vulnerable: < 3.10.0
Unaffected: >= 3.10.0
Architectures: All supported architectures
Description
InspIRCd incorrectly handled malformed PONG messages, resulting in
access of freed memory.
Impact
A remote attacker could send crafted packets to the server, possibly
allowing them to obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All InspIRCd users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-irc/inspircd-3.10.0"
|
References
CVE-2021-33586 |
|
News & Announcements
