CVE-2009-4652
EPSS 1.1%
Description
The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in src/ngircd/conn.c in ngIRCd 13 and 14, when SSL/TLS support is present and standalone mode is disabled, allow remote attackers to cause a denial of service (application crash) by sending the MOTD command from another server in the same IRC network, possibly related to an array index error.
How to fix CVE-2009-4652
To remediate CVE-2009-4652, upgrade the affected package to the fixed version listed below.
- Debian/ngircd: upgrade to 15-0.1 or later
Is CVE-2009-4652 being exploited?
Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 15-0.1