CVE-2019-20917

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-20917
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-20917.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-20917
Related
Published
2020-09-11T05:15:12Z
Modified
2025-01-15T01:40:52.997261Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server.

References

Affected packages

Debian:11 / inspircd

Package

Name
inspircd
Purl
pkg:deb/debian/inspircd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.3.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / inspircd

Package

Name
inspircd
Purl
pkg:deb/debian/inspircd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.3.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / inspircd

Package

Name
inspircd
Purl
pkg:deb/debian/inspircd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.3.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/inspircd/inspircd

Affected ranges

Type
GIT
Repo
https://github.com/inspircd/inspircd
Events

Affected versions

Other

masterfork

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.1.0
v1.1.0a1
v1.1.0b1
v1.1.0b2
v1.1.0b3
v1.1.0b4
v1.1.0b5
v1.1.0b6
v1.1.0b6.1
v1.1.0b7
v1.1.0b8
v1.1.0b9
v1.1.0fork
v1.1.1
v1.1.10
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.1.7
v1.1.8
v1.1.9
v1.2.0
v1.2.0a1
v1.2.0a2
v1.2.0a3
v1.2.0a4
v1.2.0a5
v1.2.0a6
v1.2.0b1
v1.2.0b2
v1.2.0b3
v1.2.0b4
v1.2.0fork
v1.2.0rc1
v1.2.0rc2
v1.2.0rc3
v1.2.0rc4
v1.2.0rc5

v2.*

v2.0.0
v2.0.0a1
v2.0.0a2
v2.0.0b1
v2.0.0b2
v2.0.0b3
v2.0.0b4
v2.0.0rc1
v2.0.0rc2
v2.0.1
v2.0.10
v2.0.11
v2.0.12
v2.0.13
v2.0.14
v2.0.15
v2.0.16
v2.0.17
v2.0.18
v2.0.19
v2.0.2
v2.0.20
v2.0.21
v2.0.22
v2.0.23
v2.0.24
v2.0.25
v2.0.26
v2.0.27
v2.0.3
v2.0.4
v2.0.5
v2.0.6rc1
v2.0.7
v2.0.8
v2.0.9
v2.0fork

v3.*

v3.0.0
v3.0.0a1
v3.0.0a10
v3.0.0a2
v3.0.0a3
v3.0.0a4
v3.0.0a5
v3.0.0a6
v3.0.0a7
v3.0.0a8
v3.0.0a9
v3.0.0rc1
v3.0.0rc2
v3.0.1
v3.1.0
v3.2.0