CVE-2020-25269

An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server.

References

Affected packages

Git / github.com/inspircd/inspircd

Affected ranges

Type

GIT

Repo

https://github.com/inspircd/inspircd

Events

Introduced

9f24bef18e28654a07b30ba284663ce73e0a8125

Fixed

6b5aac0267058f25b4d6dcbfc66b0ff02e1b61dd

Introduced

68e5d0a151d8b5ca6577a0053dcda95774bf323a

Fixed

7a02052130721d83b43a349dc9b0650ad798fc08

Database specific

{
    "versions": [
        {
            "introduced": "2.0"
        },
        {
            "fixed": "2.0.29"
        },
        {
            "introduced": "3.0"
        },
        {
            "fixed": "3.6.0"
        }
    ]
}

Affected versions

Other

masterfork

v2.*

v2.0.0

v2.0.0a1

v2.0.0a2

v2.0.0b1

v2.0.0b2

v2.0.0b3

v2.0.0b4

v2.0.0rc1

v2.0.0rc2

v2.0.1

v2.0.10

v2.0.11

v2.0.12

v2.0.13

v2.0.14

v2.0.15

v2.0.16

v2.0.17

v2.0.18

v2.0.19

v2.0.2

v2.0.20

v2.0.21

v2.0.22

v2.0.23

v2.0.24

v2.0.25

v2.0.26

v2.0.27

v2.0.28

v2.0.3

v2.0.4

v2.0.5

v2.0.6rc1

v2.0.7

v2.0.8

v2.0.9

v2.0fork

v3.*

v3.0.0

v3.0.0a1

v3.0.0a10

v3.0.0a2

v3.0.0a3

v3.0.0a4

v3.0.0a5

v3.0.0a6

v3.0.0a7

v3.0.0a8

v3.0.0a9

v3.0.0rc1

v3.0.0rc2

v3.0.1

v3.1.0

v3.2.0

v3.3.0

v3.4.0

v3.5.0

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25269.json"