CVE-2009-4652 | Vulnerability Database | Aqua Security

The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in src/ngircd/conn.c in ngIRCd 13 and 14, when SSL/TLS support is present and standalone mode is disabled, allow remote attackers to cause a denial of service (application crash) by sending the MOTD command from another server in the same IRC network, possibly related to an array index error.

Affected Software

Name	Vendor	Start Version	End Version
Ngircd	Ngircd	13 (including)	13 (including)
Ngircd	Ngircd	14 (including)	14 (including)

References

http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Ba=blobdiff%3Bf=src/ngircd/conn.c%3Bh=c6095a31c613bc5ca127d55b8723e15b836f1cca%3Bhp=9752a6191c7e2da5b0df64779e9cc28ad1e6241c%3Bhb=627b0b713c52406e50c84bb9459e7794262920a2%3Bhpb=95428a72ffb5214826b61d5e77f860e7ef6a6c9e
http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Ba=commit%3Bh=627b0b713c52406e50c84bb9459e7794262920a2
http://ngircd.barton.de/doc/ChangeLog
http://ngircd.barton.de/doc/NEWS
http://secunia.com/advisories/37343
http://www.securityfocus.com/bid/37021
http://www.vupen.com/english/advisories/2009/3240
https://exchange.xforce.ibmcloud.com/vulnerabilities/54272

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-4652
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html