Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/glsa-202107-22.xml
diff options
context:
space:
mode:
authorSam James <sam@gentoo.org>2021-07-09 03:55:57 +0100
committerSam James <sam@gentoo.org>2021-07-09 03:55:57 +0100
commitdb3ffb10f69132efda1f830032fded0f2edac77a (patch)
tree5b03d69d9869cfb9e9805eeae122242316522296 /glsa-202107-22.xml
parent[ GLSA 202107-21 ] Wireshark: Multiple vulnerabilities (diff)
downloadglsa-db3ffb10f69132efda1f830032fded0f2edac77a.tar.gz
glsa-db3ffb10f69132efda1f830032fded0f2edac77a.tar.bz2
glsa-db3ffb10f69132efda1f830032fded0f2edac77a.zip
[ GLSA 202107-22 ] InspIRCd: Information disclosure
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'glsa-202107-22.xml')
-rw-r--r--glsa-202107-22.xml51
1 files changed, 51 insertions, 0 deletions
diff --git a/glsa-202107-22.xml b/glsa-202107-22.xml
new file mode 100644
index 00000000..47009889
--- /dev/null
+++ b/glsa-202107-22.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-22">
+ <title>InspIRCd: Information disclosure</title>
+ <synopsis>An information disclosure vulnerability in InspIRCd may allow
+ remote attackers to obtain sensitive information.
+ </synopsis>
+ <product type="ebuild">inspircd</product>
+ <announced>2021-07-09</announced>
+ <revised count="1">2021-07-09</revised>
+ <bug>791589</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-irc/inspircd" auto="yes" arch="*">
+ <unaffected range="ge">3.10.0</unaffected>
+ <vulnerable range="lt">3.10.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>InspIRCd is a modular Internet Relay Chat (IRC) server written in C++
+ which was created from scratch to be stable, modern and lightweight.
+ </p>
+ </background>
+ <description>
+ <p>InspIRCd incorrectly handled malformed PONG messages, resulting in
+ access of freed memory.
+ </p>
+ </description>
+ <impact type="low">
+ <p>A remote attacker could send crafted packets to the server, possibly
+ allowing them to obtain sensitive information.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All InspIRCd users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-irc/inspircd-3.10.0"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33586">CVE-2021-33586</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-07-08T23:19:01Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2021-07-09T02:55:39Z">sam_c</metadata>
+</glsa>