Atheme Security Vulnerabilities
Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2024-02-27
Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.
CVSS Score: 9.1
EPSS Score: 0.001
Published: 2022-02-14
Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service. This is fixed in 7.2.8.
CVSS Score: 7.5
EPSS Score: 0.013
Published: 2017-03-02
Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2016-06-13
modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks.
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2016-06-13
The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user.
CVSS Score: 6.0
EPSS Score: 0.014
Published: 2012-10-01

