Vulnerability Details CVE-2022-24976
Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.8%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 5.8
References
- https://github.com/atheme/atheme/commit/4e664c75d0b280a052eb8b5e81aa41944e593c52
- https://github.com/atheme/atheme/compare/v7.2.11...v7.2.12
- https://www.openwall.com/lists/oss-security/2022/01/30/4
- https://github.com/atheme/atheme/commit/4e664c75d0b280a052eb8b5e81aa41944e593c52
- https://github.com/atheme/atheme/compare/v7.2.11...v7.2.12
- https://www.openwall.com/lists/oss-security/2022/01/30/4
Products affected by CVE-2022-24976
-
cpe:2.3:a:atheme:atheme:7.2.0
-
cpe:2.3:a:atheme:atheme:7.2.1
-
cpe:2.3:a:atheme:atheme:7.2.10
-
cpe:2.3:a:atheme:atheme:7.2.11
-
cpe:2.3:a:atheme:atheme:7.2.2
-
cpe:2.3:a:atheme:atheme:7.2.3
-
cpe:2.3:a:atheme:atheme:7.2.4
-
cpe:2.3:a:atheme:atheme:7.2.5
-
cpe:2.3:a:atheme:atheme:7.2.6
-
cpe:2.3:a:atheme:atheme:7.2.7
-
cpe:2.3:a:atheme:atheme:7.2.8
-
cpe:2.3:a:atheme:atheme:7.2.9