The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Atheme | Atheme | 6.0.0 (including) | 6.0.0 (including) |
| Atheme | Atheme | 6.0.1 (including) | 6.0.1 (including) |
| Atheme | Atheme | 6.0.2 (including) | 6.0.2 (including) |
| Atheme | Atheme | 6.0.3 (including) | 6.0.3 (including) |
| Atheme | Atheme | 6.0.4 (including) | 6.0.4 (including) |
| Atheme | Atheme | 6.0.5 (including) | 6.0.5 (including) |
| Atheme | Atheme | 6.0.6 (including) | 6.0.6 (including) |
| Atheme | Atheme | 6.0.7 (including) | 6.0.7 (including) |
| Atheme | Atheme | 6.0.8 (including) | 6.0.8 (including) |
| Atheme | Atheme | 6.0.9 (including) | 6.0.9 (including) |