Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 920264 (CVE-2023-50784) - net-irc/unrealircd: denial-of-service by sending an oversized packet
Summary: net-irc/unrealircd: denial-of-service by sending an oversized packet
Status: CONFIRMED
Alias: CVE-2023-50784
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://forums.unrealircd.org/viewtop...
Whiteboard: B2 [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2023-12-18 14:21 UTC by Christopher Fore
Modified: 2023-12-18 14:22 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christopher Fore 2023-12-18 14:21:35 UTC
CVE-2023-50784 (https://forums.unrealircd.org/viewtopic.php?t=9340):

A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms.