Vulnerability Details CVE-2013-7049
Stack-based buffer overflow in fish.cpp in the Fish plugin for ZNC, as used in ZNC for Windows (znc-msvc) 0.206 and earlier, allows remote attackers to cause a denial of service (crash) via a long string in a DH1080_INIT message.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.8%
CVSS Severity
CVSS v2 Score 4.3
References
- http://osvdb.org/100859
- http://seclists.org/oss-sec/2013/q4/482
- http://seclists.org/oss-sec/2013/q4/489
- http://www.securityfocus.com/bid/64254
- https://code.google.com/p/znc-msvc/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89671
- http://osvdb.org/100859
- http://seclists.org/oss-sec/2013/q4/482
- http://seclists.org/oss-sec/2013/q4/489
- http://www.securityfocus.com/bid/64254
- https://code.google.com/p/znc-msvc/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89671
Products affected by CVE-2013-7049
-
cpe:2.3:a:znc:znc-msvc:0.076
-
cpe:2.3:a:znc:znc-msvc:0.077
-
cpe:2.3:a:znc:znc-msvc:0.078
-
cpe:2.3:a:znc:znc-msvc:0.079
-
cpe:2.3:a:znc:znc-msvc:0.080
-
cpe:2.3:a:znc:znc-msvc:0.089
-
cpe:2.3:a:znc:znc-msvc:0.090
-
cpe:2.3:a:znc:znc-msvc:0.093
-
cpe:2.3:a:znc:znc-msvc:0.094
-
cpe:2.3:a:znc:znc-msvc:0.095
-
cpe:2.3:a:znc:znc-msvc:0.097
-
cpe:2.3:a:znc:znc-msvc:0.098
-
cpe:2.3:a:znc:znc-msvc:0.202
-
cpe:2.3:a:znc:znc-msvc:0.206