Unrealircd : Security Vulnerabilities, CVEs, CVSS score >= 7
A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms.
Max CVSS
7.5
EPSS Score
0.19%
Published
2023-12-16
Updated
2023-12-21
The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
Max CVSS
8.1
EPSS Score
0.85%
Published
2017-01-18
Updated
2017-01-20
CVE-2010-2075
Public exploit
UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands.
Max CVSS
7.5
EPSS Score
64.95%
Published
2010-06-15
Updated
2010-06-18
3 vulnerabilities found