CVE Daily
← All tags

Tag: UnrealIRCd

All CVEs associated with "UnrealIRCd". Page 1/1 • 9 CVEs.

About “UnrealIRCd”

A curated feed of “UnrealIRCd”-related CVEs appears below. We currently track 9 CVEs for this tag (all time). In the last 365 days, 0 were published. Average CVSS is 6.2 (all time), and 33% are rated High/Critical (all time). Top CWEs (all time): CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), CWE-665 - Improper Initialization, CWE-287 - Improper Authentication.

In our taxonomy this topic maps to a LOW impact class. Network services expose protocol parsers and daemons. Patch, restrict to trusted segments, validate inputs, and apply rate limiting. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: unrealircd

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestPremier SupportEOLLTS
66.2.5Unavailable-
55.2.4 Expired
44.2.4.1 Expired
3.23.2.10.7 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “UnrealIRCd”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2023-12-16
High

CVE-2023-50784

A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is ope…

CVSS: 7.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2017-08-23
Medium

CVE-2017-13649

UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root accou…

CVSS: 5.5 CWE: CWE-665 - Improper Initialization View on NVD
2017-01-18
High

CVE-2016-7144

The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user vi…

CVSS: 8.1 CWE: CWE-287 - Improper Authentication View on NVD
2014-05-19
Medium

CVE-2013-7384

UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. NOTE: this issue was SPLIT from C…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2013-6413

Use-after-free vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due t…

CVSS: 5.0 CWE: CWE-399 View on NVD
2010-06-15
High

CVE-2010-2075

UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2009-4893

Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when allow::options::noident is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via un…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2006-03-14
Medium

CVE-2006-1214

UnrealIRCd 3.2.3 allows remote attackers to cause an unspecified denial of service by causing a linked server to send malformed TKL Q:Line commands, as demonstrated by "TKL - q\x08Q *\x08PoC."

CVSS: 5.0 CWE: N/A View on NVD
2004-08-06
Medium

CVE-2004-0679

The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and possibly other versions, uses a weak hashing scheme to hide IP addresses, which could allow remote attackers to use brute force methods to gai…

CVSS: 5.0 CWE: N/A View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox