Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 492526 (CVE-2013-6413) - <net-irc/unrealircd- : Two Denial of Service Vulnerabilities (CVE-2013-{6413,7384})
Summary: <net-irc/unrealircd- : Two Denial of Service Vulnerabilities (CVE-201...
Alias: CVE-2013-6413
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [noglsa]
Depends on:
Reported: 2013-11-25 19:46 UTC by Agostino Sarubbo
Modified: 2014-06-08 00:45 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-11-25 19:46:30 UTC
From ${URL} :


Two vulnerabilities have been reported in UnrealIRCd, which can be exploited by malicious people to 
cause a DoS (Denial of Service).

1) An unspecified NULL pointer dereference error can be exploited to cause a crash.

2) An unspecified use-after-free error can be exploited to cause a crash.

The vulnerabilities are reported in versions 3.2.10 and

Update to version

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Nathan Phillip Brink (binki) (RETIRED) gentoo-dev 2013-12-03 05:42:21 UTC
I’ve bumped to unrealircd-, though I left older versions in. What next? ;-)
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2013-12-03 06:41:58 UTC
Thank you Nathan,

Arches, please test and mark stable:


Target Keywords : "amd64 ppc x86"
Comment 3 Agostino Sarubbo gentoo-dev 2013-12-06 20:40:10 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2013-12-06 20:42:11 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2013-12-07 19:11:37 UTC
ppc stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 6 Nathan Phillip Brink (binki) (RETIRED) gentoo-dev 2013-12-09 04:39:19 UTC
I’ve dropped =unrealircd- which has the security flaw.
Comment 7 Chris Reffett (RETIRED) gentoo-dev Security 2013-12-09 04:41:44 UTC
Thank you. GLSA vote: no.
Comment 8 Sergey Popov gentoo-dev 2013-12-09 07:22:47 UTC
GLSA vote: no

Closing noglsa
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2014-06-08 00:45:26 UTC
CVE-2013-7384 (
  UnrealIRCd 3.2.10 before allows remote attackers to cause a denial
  of service (NULL pointer dereference and crash) via unspecified vectors,
  related to SSL.  NOTE: this issue was SPLIT from CVE-2013-6413 per ADT2 due
  to different vulnerability types.

CVE-2013-6413 (
  Use-after-free vulnerability in UnrealIRCd 3.2.10 before allows
  remote attackers to cause a denial of service (crash) via unspecified
  vectors.  NOTE: this identifier was SPLIT per ADT2 due to different
  vulnerability types. CVE-2013-7384 was assigned for the NULL pointer