CVE-2014-9403
Summary
| CVE | CVE-2014-9403 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-12-19 15:59:00 UTC |
| Updated | 2015-09-29 00:31:00 UTC |
| Description | The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel with the same name as an existing channel but without the leading # character, related to a "use-after-delete" error. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| ZNC 'CWebAdminMod::ChanPage()' Function Denial of Service Vulnerability | BID | www.securityfocus.com | |
| Crash while adding channels to the web admin · Issue #528 · znc/znc · GitHub | CONFIRM | github.com | Vendor Advisory |
| oss-security - Re: CVE Request: ZNC NULL Pointer Dereference | MLIST | www.openwall.com | |
| Support / Security / Advisories / / MDVSA-2015:013 | Mandriva | MANDRIVA | www.mandriva.com | |
| znc/ChangeLog.md at master · znc/znc · GitHub | CONFIRM | github.com | |
| Mageia Advisory: MGASA-2014-0543 - Updated znc package fixes CVE-2014-9403 | CONFIRM | advisories.mageia.org | |
| Security Advisory SA57795 - znc "CWebAdminMod::ChanPage()" NULL Pointer Dereference Vulnerability - Secunia | SECUNIA | secunia.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.