Vulnerability Details : CVE-2012-1836
Heap-based buffer overflow in dns.cpp in InspIRCd 2.0.5 might allow remote attackers to execute arbitrary code via a crafted DNS query that uses compression.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2012-1836
Probability of exploitation activity in the next 30 days: 15.40%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-1836
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2012-1836
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-1836
-
http://osvdb.org/80263
-
https://github.com/inspircd/inspircd/commit/fe7dbd2c104c37f6f3af7d9f1646a3c332aea4a4
Merge pull request #1 from nenolod/insp20 · inspircd/inspircd@fe7dbd2 · GitHubExploit;Patch
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/74157
InspIRCd DNS buffer overflow CVE-2012-1836 Vulnerability Report
-
http://www.kb.cert.org/vuls/id/212651
VU#212651 - InspIRCd heap corruption vulnerabilityPatch;US Government Resource
-
http://www.debian.org/security/2012/dsa-2448
Debian -- Security Information -- DSA-2448-1 inspircd
-
http://secunia.com/advisories/48474
Sign in
-
http://www.securityfocus.com/bid/52561
InspIRCd Heap Memory Corruption Vulnerability
Products affected by CVE-2012-1836
- cpe:2.3:a:inspircd:inspircd:2.0.5:*:*:*:*:*:*:*