CVE-2019-20917
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-20917
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-20917.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-20917
- Downstream
- Published
- 2020-09-11T05:15:12Z
- Modified
- 2025-10-21T05:04:16.857565Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server.
- References
-
- https://docs.inspircd.org/security/2019-02/
- https://github.com/inspircd/inspircd/commit/2cc35d8625b7ea5cbd1d1ebb116aff86c5280162
- https://github.com/inspircd/inspircd/commit/8745660fcdac7c1b80c94cfc0ff60928cd4dd4b7
- https://lists.debian.org/debian-lts-announce/2020/09/msg00015.html
- https://www.debian.org/security/2020/dsa-4764
Affected packages
Git / github.com/inspircd/inspircd
Affected ranges
- Type
- GIT
- Repo
- https://github.com/inspircd/inspircd
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
Other
masterfork
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.1.0
v1.1.0a1
v1.1.0b1
v1.1.0b2
v1.1.0b3
v1.1.0b4
v1.1.0b5
v1.1.0b6
v1.1.0b6.1
v1.1.0b7
v1.1.0b8
v1.1.0b9
v1.1.0fork
v1.1.1
v1.1.10
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.1.7
v1.1.8
v1.1.9
v1.2.0
v1.2.0a1
v1.2.0a2
v1.2.0a3
v1.2.0a4
v1.2.0a5
v1.2.0a6
v1.2.0b1
v1.2.0b2
v1.2.0b3
v1.2.0b4
v1.2.0fork
v1.2.0rc1
v1.2.0rc2
v1.2.0rc3
v1.2.0rc4
v1.2.0rc5
v2.*
v2.0.0
v2.0.0a1
v2.0.0a2
v2.0.0b1
v2.0.0b2
v2.0.0b3
v2.0.0b4
v2.0.0rc1
v2.0.0rc2
v2.0.1
v2.0.10
v2.0.11
v2.0.12
v2.0.13
v2.0.14
v2.0.15
v2.0.16
v2.0.17
v2.0.18
v2.0.19
v2.0.2
v2.0.20
v2.0.21
v2.0.22
v2.0.23
v2.0.24
v2.0.25
v2.0.26
v2.0.27
v2.0.3
v2.0.4
v2.0.5
v2.0.6rc1
v2.0.7
v2.0.8
v2.0.9
v2.0fork
v3.*
v3.0.0
v3.0.0a1
v3.0.0a10
v3.0.0a2
v3.0.0a3
v3.0.0a4
v3.0.0a5
v3.0.0a6
v3.0.0a7
v3.0.0a8
v3.0.0a9
v3.0.0rc1
v3.0.0rc2
v3.0.1
v3.1.0
v3.2.0
Database specific
vanir_signatures
[
{
"deprecated": false,
"id": "CVE-2019-20917-1e1c4755",
"source": "https://github.com/inspircd/inspircd/commit/8745660fcdac7c1b80c94cfc0ff60928cd4dd4b7",
"digest": {
"function_hash": "241887545301284665495179932616300993356",
"length": 238.0
},
"target": {
"function": "ModuleSQL::~ModuleSQL",
"file": "src/modules/extra/m_mysql.cpp"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"id": "CVE-2019-20917-25917557",
"source": "https://github.com/inspircd/inspircd/commit/2cc35d8625b7ea5cbd1d1ebb116aff86c5280162",
"digest": {
"function_hash": "241887545301284665495179932616300993356",
"length": 238.0
},
"target": {
"function": "ModuleSQL::~ModuleSQL",
"file": "src/modules/extra/m_mysql.cpp"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"id": "CVE-2019-20917-4142751b",
"source": "https://github.com/inspircd/inspircd/commit/2cc35d8625b7ea5cbd1d1ebb116aff86c5280162",
"digest": {
"line_hashes": [
"97131708961733032428775120291510823109",
"269799031876934484607055524437757444453",
"255549233016784195165188629816694547467",
"144166504417220758686599965642966819446",
"44525923303389181099518146082718386630",
"76484964166473602630262888947165542367",
"141540635961572812486623944601260203415",
"331205328941029024140957971184915955583",
"214421680455201009319560976007864853937",
"139901357027587971418495392094662248022",
"270585790749019080528851035707420653930",
"318249702073141289905245127577035652065"
],
"threshold": 0.9
},
"target": {
"file": "src/modules/extra/m_mysql.cpp"
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"id": "CVE-2019-20917-58d7187f",
"source": "https://github.com/inspircd/inspircd/commit/2cc35d8625b7ea5cbd1d1ebb116aff86c5280162",
"digest": {
"function_hash": "5609707757580415519646402921099061555",
"length": 278.0
},
"target": {
"function": "ModuleSQL::init",
"file": "src/modules/extra/m_mysql.cpp"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"id": "CVE-2019-20917-6b56d343",
"source": "https://github.com/inspircd/inspircd/commit/8745660fcdac7c1b80c94cfc0ff60928cd4dd4b7",
"digest": {
"function_hash": "13771301119563863276343567754590794382",
"length": 116.0
},
"target": {
"function": "ModuleSQL::init",
"file": "src/modules/extra/m_mysql.cpp"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"id": "CVE-2019-20917-9274ec66",
"source": "https://github.com/inspircd/inspircd/commit/8745660fcdac7c1b80c94cfc0ff60928cd4dd4b7",
"digest": {
"line_hashes": [
"97131708961733032428775120291510823109",
"269799031876934484607055524437757444453",
"231346747847626587751603029082493586596",
"131723549370569820395430375609088513083",
"44525923303389181099518146082718386630",
"76484964166473602630262888947165542367",
"141540635961572812486623944601260203415",
"331205328941029024140957971184915955583",
"214421680455201009319560976007864853937",
"139901357027587971418495392094662248022",
"329679358540076502780177285939824173153",
"208189528832989032401935639903410301095"
],
"threshold": 0.9
},
"target": {
"file": "src/modules/extra/m_mysql.cpp"
},
"signature_type": "Line",
"signature_version": "v1"
}
]