CVE-2016-7142

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-7142
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7142.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-7142
Downstream
Published
2016-09-26T15:59:03.267Z
Modified
2025-11-20T10:31:04.598423Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

The msasl module in InspIRCd before 2.0.23, when used with a service that supports SASLEXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message.

References

Affected packages

Git / github.com/inspircd/inspircd

Affected ranges

Type
GIT
Repo
https://github.com/inspircd/inspircd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
74fafb7f11b06747f69f182ad5e3769b665eea7a

Affected versions

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.1.0
v1.1.0a1
v1.1.0b1
v1.1.0b2
v1.1.0b3
v1.1.0b4
v1.1.0b5
v1.1.0b6
v1.1.0b6.1
v1.1.0b7
v1.1.0b8
v1.1.0b9
v1.1.0fork
v1.1.1
v1.1.10
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.1.7
v1.1.8
v1.1.9
v1.2.0
v1.2.0a1
v1.2.0a2
v1.2.0a3
v1.2.0a4
v1.2.0a5
v1.2.0a6
v1.2.0b1
v1.2.0b2
v1.2.0b3
v1.2.0b4
v1.2.0fork
v1.2.0rc1
v1.2.0rc2
v1.2.0rc3
v1.2.0rc4
v1.2.0rc5

v2.*

v2.0.0
v2.0.0a1
v2.0.0a2
v2.0.0b1
v2.0.0b2
v2.0.0b3
v2.0.0b4
v2.0.0rc1
v2.0.0rc2
v2.0.1
v2.0.10
v2.0.11
v2.0.12
v2.0.13
v2.0.14
v2.0.15
v2.0.16
v2.0.17
v2.0.18
v2.0.19
v2.0.2
v2.0.20
v2.0.21
v2.0.22
v2.0.3
v2.0.4
v2.0.5
v2.0.6rc1
v2.0.7
v2.0.8
v2.0.9
v2.0fork

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "source": "https://github.com/inspircd/inspircd/commit/74fafb7f11b06747f69f182ad5e3769b665eea7a",
        "id": "CVE-2016-7142-c365f1aa",
        "signature_version": "v1",
        "target": {
            "file": "src/modules/m_sasl.cpp"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "228079100025838756566783257419945490230",
                "199453309722348137967308897277233626545",
                "75568141879148473872567936027356473789",
                "229948159184132439404118629736615035392",
                "291717704696387397784739008266277477665",
                "140736679419546910721805029205819158161",
                "161847622082612713858670827218507998792"
            ]
        },
        "signature_type": "Line"
    }
]