CVE-2023-50784
Severity CVSS v4.0: Pending analysis
Type: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Publication date: 16/12/2023
Last modified: 26/12/2023
Description
A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms.
Impact
Base Score 3.x: 7.50
Severity 3.x: HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:unrealircd:unrealircd:*:*:*:*:*:*:*:* | 6.1.0 (including) | 6.1.4 (excluding) |
References to Advisories, Solutions, and Tools
- https://forums.unrealircd.org/viewtopic.php?t=9340
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6TFYPQOKYRGPEAKOWSO6PSCBV6LUR3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZT7QU4FCQBHYOYVD7FW5QAWNAQCSGLA/
- https://www.unrealircd.org/index/news