CVE-2014-9403 Common Vulnerabilities and Exposures

Upstream information

CVE-2014-9403 at MITRE

Description

The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel with the same name as an existing channel but without the leading # character, related to a "use-after-delete" error.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.

CVSS v2 Scores
	National Vulnerability Database
Base Score	4
Vector	AV:N/AC:L/Au:S/C:N/I:N/A:P
Access Vector	Network
Access Complexity	Low
Authentication	Single
Confidentiality Impact	None
Integrity Impact	None
Availability Impact	Partial

SUSE Bugzilla entry: 956254 [RESOLVED / FIXED]

SUSE Security Advisories:

openSUSE-SU-2015:2163-1 openSUSE-SU-2015:2164-1

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Package Hub 12	`znc >= 1.6.2-4.1` `znc-devel >= 1.6.2-4.1` `znc-perl >= 1.6.2-4.1` `znc-python3 >= 1.6.2-4.1` `znc-tcl >= 1.6.2-4.1`	Patchnames: openSUSE-2016-802

SUSE Timeline for this CVE

CVE page created: Fri Dec 19 17:15:35 2014
CVE page last modified: Thu Dec 7 13:07:59 2023