CVE-2010-2448

znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell.

Affected Software

Name	Vendor	Start Version	End Version
Znc	Znc	*	0.090 (including)
Znc	Znc	0.034 (including)	0.034 (including)
Znc	Znc	0.041 (including)	0.041 (including)
Znc	Znc	0.043 (including)	0.043 (including)
Znc	Znc	0.044 (including)	0.044 (including)
Znc	Znc	0.045 (including)	0.045 (including)
Znc	Znc	0.047 (including)	0.047 (including)
Znc	Znc	0.050 (including)	0.050 (including)
Znc	Znc	0.052 (including)	0.052 (including)
Znc	Znc	0.054 (including)	0.054 (including)
Znc	Znc	0.056 (including)	0.056 (including)
Znc	Znc	0.058 (including)	0.058 (including)
Znc	Znc	0.060 (including)	0.060 (including)
Znc	Znc	0.062 (including)	0.062 (including)
Znc	Znc	0.064 (including)	0.064 (including)
Znc	Znc	0.066 (including)	0.066 (including)
Znc	Znc	0.068 (including)	0.068 (including)
Znc	Znc	0.070 (including)	0.070 (including)
Znc	Znc	0.072 (including)	0.072 (including)
Znc	Znc	0.074 (including)	0.074 (including)
Znc	Znc	0.076 (including)	0.076 (including)
Znc	Znc	0.078 (including)	0.078 (including)
Znc	Znc	0.080 (including)	0.080 (including)
Znc	Ubuntu	devel	*
Znc	Ubuntu	hardy	*
Znc	Ubuntu	jaunty	*
Znc	Ubuntu	karmic	*
Znc	Ubuntu	lucid	*
Znc	Ubuntu	maverick	*
Znc	Ubuntu	natty	*
Znc	Ubuntu	oneiric	*
Znc	Ubuntu	precise	*
Znc	Ubuntu	quantal	*
Znc	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-2448
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References