Red Hat Bugzilla – Bug 622600
CVE-2010-2812 CVE-2010-2934 znc: multiple out-of-range errors can crash znc
Last modified: 2015-08-19 04:52:26 EDT
An out-of-range flaw was found in znc where if it received a "PING" from a client without an argument, std::string would throw a std::out_of_range exception which killed znc. This is fixed in subversion .
Some unsafe substr() calls were fixed as well. These are of lesser impact because a valid login is required in order to cause a std::out_of_range exception. This is also fixed in subversion .
Created znc tracking bugs for this issue
Affects: fedora-all [bug 622601]
CVE-2010-2812 was assigned to the first issue (PING DoS), CVE-2010-2934 was assigned to the second issue (unsafe substr() calls).
znc-0.093-2.svn2101.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
znc-0.093-2.svn2101.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.