Published: 12/04/2016 Updated: 14/09/2020

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

CVSS v3 Base Score: 8.6 | Impact Score: 4 | Exploitability Score: 3.9

VMScore: 694

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

The DNS::GetResult function in dns.cpp in InspIRCd prior to 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\032" (whitespace) character in a hostname.

Vulnerable Product	Search on Vulmon	Subscribe to Product
debian debian linux 7.0
debian debian linux 8.0
inspircd inspircd

It was discovered that inspircd, an IRC daemon, incorrectly handled PTR lookups of connecting users This flaw allowed a remote attacker to crash the application by setting up malformed DNS records, thus causing a denial-of-service, For the oldstable distribution (wheezy), this problem has been fixed in version 205-1+deb7u2 For the stable distri ...

CWE-20 https://github.com/inspircd/inspircd/commit/6058483d9fbc1b904d5ae7cfea47bfcde5c5b559 http://www.debian.org/security/2016/dsa-3527 http://www.inspircd.org/2015/04/16/v2019-released.html https://github.com/inspircd/inspircd/issues/1033 https://security.gentoo.org/glsa/201512-13 https://nvd.nist.gov https://www.debian.org/security/./dsa-3527

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-8702

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect