CVE-2013-0238

The try_parse_v4_netmask function in hostmask.c in IRCD-Hybrid before 8.0.6 does not properly validate masks, which allows remote attackers to cause a denial of service (crash) via a mask that causes a negative number to be parsed.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699267
http://osvdb.org/89623
http://secunia.com/advisories/51948	Vendor Advisory
http://secunia.com/advisories/52106	Vendor Advisory
http://svn.ircd-hybrid.org:8000/viewcvs.cgi/ircd-hybrid/trunk/src/hostmask.c?r1=1786&r2=1785&pathrev=1786
http://www.debian.org/security/2013/dsa-2618
http://www.exploit-db.com/exploits/24951
http://www.mandriva.com/security/advisories?name=MDVSA-2013:093
http://www.openwall.com/lists/oss-security/2013/01/29/8
http://www.securityfocus.com/bid/57610
https://exchange.xforce.ibmcloud.com/vulnerabilities/81695
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0055
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699267
http://osvdb.org/89623
http://secunia.com/advisories/51948	Vendor Advisory
http://secunia.com/advisories/52106	Vendor Advisory
http://svn.ircd-hybrid.org:8000/viewcvs.cgi/ircd-hybrid/trunk/src/hostmask.c?r1=1786&r2=1785&pathrev=1786
http://www.debian.org/security/2013/dsa-2618
http://www.exploit-db.com/exploits/24951
http://www.mandriva.com/security/advisories?name=MDVSA-2013:093
http://www.openwall.com/lists/oss-security/2013/01/29/8
http://www.securityfocus.com/bid/57610
https://exchange.xforce.ibmcloud.com/vulnerabilities/81695
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0055

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ircd-hybrid:ircd-hybrid::::::::
	cpe:2.3:a:ircd-hybrid:ircd-hybrid:7.2.0:::::::*
	cpe:2.3:a:ircd-hybrid:ircd-hybrid:7.2.1:::::::*
	cpe:2.3:a:ircd-hybrid:ircd-hybrid:7.2.2:::::::*
	cpe:2.3:a:ircd-hybrid:ircd-hybrid:7.2.3:::::::*
	cpe:2.3:a:ircd-hybrid:ircd-hybrid:7.3.0:::::::*
	cpe:2.3:a:ircd-hybrid:ircd-hybrid:7.3.0:rc1::::::
	cpe:2.3:a:ircd-hybrid:ircd-hybrid:7.3.1:::::::*
	cpe:2.3:a:ircd-hybrid:ircd-hybrid:8.0.0:::::::*
	cpe:2.3:a:ircd-hybrid:ircd-hybrid:8.0.0:beta1::::::
	cpe:2.3:a:ircd-hybrid:ircd-hybrid:8.0.0:beta2::::::
	cpe:2.3:a:ircd-hybrid:ircd-hybrid:8.0.0:beta3::::::
	cpe:2.3:a:ircd-hybrid:ircd-hybrid:8.0.0:rc1::::::
	cpe:2.3:a:ircd-hybrid:ircd-hybrid:8.0.1:::::::*
	cpe:2.3:a:ircd-hybrid:ircd-hybrid:8.0.2:::::::*
	cpe:2.3:a:ircd-hybrid:ircd-hybrid:8.0.3:::::::*
	cpe:2.3:a:ircd-hybrid:ircd-hybrid:8.0.4:::::::*

History

21 Nov 2024, 01:47

Type	Values Removed	Values Added
References	~~() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699267 -~~	() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699267 -
References	~~() http://osvdb.org/89623 -~~	() http://osvdb.org/89623 -
References	~~() http://secunia.com/advisories/51948 - Vendor Advisory~~	() http://secunia.com/advisories/51948 - Vendor Advisory
References	~~() http://secunia.com/advisories/52106 - Vendor Advisory~~	() http://secunia.com/advisories/52106 - Vendor Advisory
References	~~() http://svn.ircd-hybrid.org:8000/viewcvs.cgi/ircd-hybrid/trunk/src/hostmask.c?r1=1786&r2=1785&pathrev=1786 -~~	() http://svn.ircd-hybrid.org:8000/viewcvs.cgi/ircd-hybrid/trunk/src/hostmask.c?r1=1786&r2=1785&pathrev=1786 -
References	~~() http://www.debian.org/security/2013/dsa-2618 -~~	() http://www.debian.org/security/2013/dsa-2618 -
References	~~() http://www.exploit-db.com/exploits/24951 -~~	() http://www.exploit-db.com/exploits/24951 -
References	~~() http://www.mandriva.com/security/advisories?name=MDVSA-2013:093 -~~	() http://www.mandriva.com/security/advisories?name=MDVSA-2013:093 -
References	~~() http://www.openwall.com/lists/oss-security/2013/01/29/8 -~~	() http://www.openwall.com/lists/oss-security/2013/01/29/8 -
References	~~() http://www.securityfocus.com/bid/57610 -~~	() http://www.securityfocus.com/bid/57610 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/81695 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/81695 -
References	~~() https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0055 -~~	() https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0055 -

Information

Published : 2013-02-13 01:55

Updated : 2025-04-11 00:51

NVD link : CVE-2013-0238

Mitre link : CVE-2013-0238

CVE.ORG link : CVE-2013-0238

JSON object : View

Products Affected

ircd-hybrid

ircd-hybrid

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2013-0238", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-02-13T01:55:04.090", "references": [{"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699267", "source": "secalert@redhat.com"}, {"url": "http://osvdb.org/89623", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/51948", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/52106", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://svn.ircd-hybrid.org:8000/viewcvs.cgi/ircd-hybrid/trunk/src/hostmask.c?r1=1786&r2=1785&pathrev=1786", "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2013/dsa-2618", "source": "secalert@redhat.com"}, {"url": "http://www.exploit-db.com/exploits/24951", "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:093", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2013/01/29/8", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/57610", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81695", "source": "secalert@redhat.com"}, {"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0055", "source": "secalert@redhat.com"}, {"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699267", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/89623", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/51948", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/52106", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.ircd-hybrid.org:8000/viewcvs.cgi/ircd-hybrid/trunk/src/hostmask.c?r1=1786&r2=1785&pathrev=1786", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2013/dsa-2618", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.exploit-db.com/exploits/24951", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:093", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2013/01/29/8", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/57610", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81695", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0055", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The try_parse_v4_netmask function in hostmask.c in IRCD-Hybrid before 8.0.6 does not properly validate masks, which allows remote attackers to cause a denial of service (crash) via a mask that causes a negative number to be parsed."}, {"lang": "es", "value": "La funci\u00f3n try_parse_v4_netmask en hostmask.c en IRCD-Hybrid anteriores a v8.0.6 no valida adecuadamente las mascaras, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una mascara que causa un n\u00famero negativo a analizar."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ircd-hybrid:ircd-hybrid:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86C8A0C8-4746-4A32-AEAF-6E1E0DC6F91A", "versionEndIncluding": "8.0.5"}, {"criteria": "cpe:2.3:a:ircd-hybrid:ircd-hybrid:7.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5CB5086-4F61-4333-AAE3-5D7A8BFC4C61"}, {"criteria": "cpe:2.3:a:ircd-hybrid:ircd-hybrid:7.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A014594-6C4F-44FE-AD2C-EFB68A07FBE6"}, {"criteria": "cpe:2.3:a:ircd-hybrid:ircd-hybrid:7.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "889E8F76-753E-4E71-B905-D0A481085486"}, {"criteria": "cpe:2.3:a:ircd-hybrid:ircd-hybrid:7.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "456247AA-A2E9-4D74-BFCC-3F7FC86A7EFF"}, {"criteria": "cpe:2.3:a:ircd-hybrid:ircd-hybrid:7.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A461012-E529-4980-8DA6-4338E21315D1"}, {"criteria": "cpe:2.3:a:ircd-hybrid:ircd-hybrid:7.3.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "625ACA9D-463D-40E0-B21C-AB0B5F8B5645"}, {"criteria": "cpe:2.3:a:ircd-hybrid:ircd-hybrid:7.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53C1B4F8-3352-4972-9DCF-694741038432"}, {"criteria": "cpe:2.3:a:ircd-hybrid:ircd-hybrid:8.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DAA4B35-BA16-4B3D-87FD-3D0FEE6CC2D7"}, {"criteria": "cpe:2.3:a:ircd-hybrid:ircd-hybrid:8.0.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "164F43EA-2C8C-44DD-9557-8E3E19A0E709"}, {"criteria": "cpe:2.3:a:ircd-hybrid:ircd-hybrid:8.0.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F17DC13-1E65-44CB-B281-03F21B205334"}, {"criteria": "cpe:2.3:a:ircd-hybrid:ircd-hybrid:8.0.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B6E867B-2586-4B10-AA21-1ECD2345847F"}, {"criteria": "cpe:2.3:a:ircd-hybrid:ircd-hybrid:8.0.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9149286A-AA6F-4E67-931E-40F910DCE20C"}, {"criteria": "cpe:2.3:a:ircd-hybrid:ircd-hybrid:8.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F56A5EF1-5E14-42AB-88E7-EF6C3A9CC09E"}, {"criteria": "cpe:2.3:a:ircd-hybrid:ircd-hybrid:8.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B408E49-A6FE-4C23-9A8F-5FB88B8F9D94"}, {"criteria": "cpe:2.3:a:ircd-hybrid:ircd-hybrid:8.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D134E3FA-BAE8-47DB-A88E-01F005D7983B"}, {"criteria": "cpe:2.3:a:ircd-hybrid:ircd-hybrid:8.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9C74B4A-6040-48CA-9165-6C8BCAB45CB5"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

5.0 /10