znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Znc | Znc | * | 0.090 (including) |
| Znc | Znc | 0.034 (including) | 0.034 (including) |
| Znc | Znc | 0.041 (including) | 0.041 (including) |
| Znc | Znc | 0.043 (including) | 0.043 (including) |
| Znc | Znc | 0.044 (including) | 0.044 (including) |
| Znc | Znc | 0.045 (including) | 0.045 (including) |
| Znc | Znc | 0.047 (including) | 0.047 (including) |
| Znc | Znc | 0.050 (including) | 0.050 (including) |
| Znc | Znc | 0.052 (including) | 0.052 (including) |
| Znc | Znc | 0.054 (including) | 0.054 (including) |
| Znc | Znc | 0.056 (including) | 0.056 (including) |
| Znc | Znc | 0.058 (including) | 0.058 (including) |
| Znc | Znc | 0.060 (including) | 0.060 (including) |
| Znc | Znc | 0.062 (including) | 0.062 (including) |
| Znc | Znc | 0.064 (including) | 0.064 (including) |
| Znc | Znc | 0.066 (including) | 0.066 (including) |
| Znc | Znc | 0.068 (including) | 0.068 (including) |
| Znc | Znc | 0.070 (including) | 0.070 (including) |
| Znc | Znc | 0.072 (including) | 0.072 (including) |
| Znc | Znc | 0.074 (including) | 0.074 (including) |
| Znc | Znc | 0.076 (including) | 0.076 (including) |
| Znc | Znc | 0.078 (including) | 0.078 (including) |
| Znc | Znc | 0.080 (including) | 0.080 (including) |
| Znc | Ubuntu | devel | * |
| Znc | Ubuntu | hardy | * |
| Znc | Ubuntu | jaunty | * |
| Znc | Ubuntu | karmic | * |
| Znc | Ubuntu | lucid | * |
| Znc | Ubuntu | maverick | * |
| Znc | Ubuntu | natty | * |
| Znc | Ubuntu | oneiric | * |
| Znc | Ubuntu | precise | * |
| Znc | Ubuntu | quantal | * |
| Znc | Ubuntu | upstream | * |