Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length calculation, which leads to a buffer overflow.

Threat-Mapped Scoring

Score: 1.9

Priority: P3 - Important (Medium)

• S9 – Sabotage of System/App
• S10 – Denial of Service (+0.1 bonus)

EPSS

Score: 0.20153
Percentile: 0.95231

CVSS Scoring

Mapped CWE(s)

• CWE-191 : Integer Underflow (Wrap or Wraparound)

Affected Products

• cpe:2.3:a:barton:ngircd:*:*:*:*:*:*:*:*

← Back to Home