CVE-2013-7049
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
23/12/2013
Last modified:
11/04/2025
Description
Stack-based buffer overflow in fish.cpp in the Fish plugin for ZNC, as used in ZNC for Windows (znc-msvc) 0.206 and earlier, allows remote attackers to cause a denial of service (crash) via a long string in a DH1080_INIT message.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:znc:znc-msvc:*:-:-:*:-:windows:*:* | 0.206 (including) | |
| cpe:2.3:a:znc:znc-msvc:0.076:-:-:*:-:windows:*:* | ||
| cpe:2.3:a:znc:znc-msvc:0.077:-:-:*:-:windows:*:* | ||
| cpe:2.3:a:znc:znc-msvc:0.078:-:-:*:-:windows:*:* | ||
| cpe:2.3:a:znc:znc-msvc:0.079:-:-:*:-:windows:*:* | ||
| cpe:2.3:a:znc:znc-msvc:0.080:-:-:*:-:windows:*:* | ||
| cpe:2.3:a:znc:znc-msvc:0.089:-:-:*:-:windows:*:* | ||
| cpe:2.3:a:znc:znc-msvc:0.090:-:-:*:-:windows:*:* | ||
| cpe:2.3:a:znc:znc-msvc:0.093:-:-:*:-:windows:*:* | ||
| cpe:2.3:a:znc:znc-msvc:0.094:-:-:*:-:windows:*:* | ||
| cpe:2.3:a:znc:znc-msvc:0.095:-:-:*:-:windows:*:* | ||
| cpe:2.3:a:znc:znc-msvc:0.097:-:-:*:-:windows:*:* | ||
| cpe:2.3:a:znc:znc-msvc:0.098:-:-:*:-:windows:*:* | ||
| cpe:2.3:a:znc:znc-msvc:0.202:-:-:*:-:windows:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://osvdb.org/100859
- http://seclists.org/oss-sec/2013/q4/482
- http://seclists.org/oss-sec/2013/q4/489
- http://www.securityfocus.com/bid/64254
- https://code.google.com/p/znc-msvc/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89671
- http://osvdb.org/100859
- http://seclists.org/oss-sec/2013/q4/482
- http://seclists.org/oss-sec/2013/q4/489
- http://www.securityfocus.com/bid/64254
- https://code.google.com/p/znc-msvc/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89671