Vulnerability Details : CVE-2010-0303
mystring.c in hybserv in IRCD-Hybrid (aka Hybrid2 IRC Services) 1.9.2 through 1.9.4 allows remote attackers to cause a denial of service (daemon crash) via a ":help \t" private message to the MemoServ service.
Vulnerability category: Denial of service
Products affected by CVE-2010-0303
- cpe:2.3:a:dinko_korunic:hybserv2:1.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:dinko_korunic:hybserv2:1.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:dinko_korunic:hybserv2:1.9.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-0303
- 14.55%: probability of exploitation activity in the next 30 days
- ~94%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2010-0303
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2010-0303
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0303
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550389
  #550389 - hybserv: misparsing when sent commands with tabs - Debian Bug report logs
- http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2.diff.gz
  404 Not Found (Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55992
  Hybserv2 private message denial of service CVE-2010-0303 Vulnerability Report
- http://www.debian.org/security/2010/dsa-1982
  Debian -- Security Information -- DSA-1982-1 hybserv
- http://secunia.com/advisories/38352
  Vendor Advisory
- http://secunia.com/advisories/38350
  Vendor Advisory
- http://www.securityfocus.com/bid/38006
  Hybserv2 ':help' Command Denial Of Service Vulnerability
- http://marc.info/?l=oss-security&m=126476591925300&w=2
  'Re: [oss-security] CVE id: hybserv' - MARC