MidnightBSD

Advisories for znc

CVE-2010-2448 LOW

znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
znc znc 0.056
znc znc 0.054
znc znc 0.074
znc znc *
znc znc 0.043
znc znc 0.041
znc znc 0.068
znc znc 0.052
znc znc 0.058
znc znc 0.062
znc znc 0.044
znc znc 0.064
znc znc 0.076
znc znc 0.050
znc znc 0.047
znc znc 0.066
znc znc 0.034
znc znc 0.070
znc znc 0.080
znc znc 0.078
znc znc 0.045
znc znc 0.060
znc znc 0.072
CVE-2010-2812 MEDIUM

Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of service (exception and daemon crash) via a PING command that lacks an argument.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
znc znc 0.092
CVE-2010-2934 MEDIUM

Multiple unspecified vulnerabilities in ZNC 0.092 allow remote attackers to cause a denial of service (exception and daemon crash) via unknown vectors related to "unsafe substr() calls."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
znc znc 0.092
CVE-2013-2130 MEDIUM

ZNC 1.0 allows remote authenticated users to cause a denial of service (NULL pointer reference and crash) via a crafted request to the (1) editnetwork, (2) editchan, (3) addchan, or (4) delchan page in modules/webadmin.cpp.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
znc znc 1.0
CVE-2013-7049 MEDIUM

Stack-based buffer overflow in fish.cpp in the Fish plugin for ZNC, as used in ZNC for Windows (znc-msvc) 0.206 and earlier, allows remote attackers to cause a denial of service (crash) via a long string in a DH1080_INIT message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
znc znc-msvc 0.098
znc znc-msvc *
znc znc-msvc 0.077
znc znc-msvc 0.080
znc znc-msvc 0.202
znc znc-msvc 0.089
znc znc-msvc 0.079
znc znc-msvc 0.094
znc znc-msvc 0.090
znc znc-msvc 0.097
znc znc-msvc 0.078
znc znc-msvc 0.076
znc znc-msvc 0.095
znc znc-msvc 0.093
CVE-2014-9403 MEDIUM

The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel with the same name as an existing channel but without the leading # character, related to a "use-after-delete" error.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
znc znc *
CVE-2018-14055 MEDIUM

ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 9.0
znc znc *
CVE-2018-14056 MEDIUM

ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
debian debian_linux 9.0
znc znc *
CVE-2019-12816 MEDIUM

Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
znc znc *
CVE-2019-9917 MEDIUM

ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
fedoraproject fedora 28
znc znc *
fedoraproject fedora 29
canonical ubuntu_linux 18.10
fedoraproject fedora 30
CVE-2020-13775 LOW

ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network.

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,

Products Affected

Vendor Product Version
fedoraproject fedora 31
znc znc 1.8.0
fedoraproject fedora 32
CVE-2020-29577 HIGH

The official znc docker images before 1.7.1-slim contain a blank password for a root user. Systems using the znc docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
znc znc_docker_image 1.7.1-slim
znc znc_docker_image 1.6.6
znc znc_docker_image 1.7.0
znc znc_docker_image 1.6.5
znc znc_docker_image 1.6.4-slim
znc znc_docker_image 1.7.0-slim
znc znc_docker_image 1.6
znc znc_docker_image 1.6.5-slim
znc znc_docker_image 1.6.6-slim
znc znc_docker_image 1.6.4
znc znc_docker_image 1.6-slim