Use-after-free in InspIRCd

#VU46820 Use-after-free in InspIRCd

Published: 2020-09-11 | Updated: 2020-09-20

Vulnerability identifier: #VU46820

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25269

CWE-ID: CWE-416

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
InspIRCd
Server applications / Conferencing, Collaboration and VoIP solutions

Vendor: InspIRCd

Description

The vulnerability allows a remote user to crash the daemon.

The vulnerability exists due to a use-after-free error within the pgsql module in InspIRCd. A remote user can send specially crafted request to the daemon, trigger a use-after-free error and crash the server..

Successful exploitation of the vulnerability requires that sqlauth or sqloper modules are used.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

InspIRCd: 2.0.0 - 3.5.0

External links
http://docs.inspircd.org/security/2020-01/
http://github.com/inspircd/inspircd/compare/426d1c8...b3f1db9
http://github.com/inspircd/inspircd/compare/v2.0.28...07d7dea
http://www.debian.org/security/2020/dsa-4764

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Debian update for inspircd

Denial of service in InspIRCd