Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name.
{ "vanir_signatures": [ { "digest": { "line_hashes": [ "174486753964754430516916736730871383050", "29275778477837198611450992203257197893", "307319530049013881402330522505066602242", "82494158934045587906733452887499443976", "160053286842728736588820086884220847764", "287617424539222821611460032335993242581", "209833765287222228824183705683832732667", "95297945510039220468508204114214847500", "236450068995647934809680474209327232539", "95912614378945415831535891127074118283", "219679646820246493502379246107279975593", "300337625527040063029589176392118851540", "204297166171023547714016822031300809515", "73956343658827535355290124036992016914", "18051496777745318297934926575655174890", "239034098034606290967669952118796928569", "295334044853165642485678087140871457774", "45729926670722493656673669137202336290", "571798546533859822310861521896058965", "211380172655941171035773268297891516276", "331984331098265596437389312867452663890", "259182456096102161138887388896962333935", "278816252438430496865286650787102721943", "225602893450083304814145166244640416013", "154036182678273576774730331226380439075", "252388954425318239832020560689011993945", "274893726036052713575377647643003236381" ], "threshold": 0.9 }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311", "signature_type": "Line", "id": "CVE-2019-12816-1290c1b3", "target": { "file": "src/Modules.cpp" } }, { "digest": { "function_hash": "95122950786339445404760154917654623114", "length": 1917.0 }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311", "signature_type": "Function", "id": "CVE-2019-12816-3fbc7f94", "target": { "file": "src/Modules.cpp", "function": "CModules::LoadModule" } }, { "digest": { "function_hash": "323292578912875305148883135426334201462", "length": 288.0 }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311", "signature_type": "Function", "id": "CVE-2019-12816-48abef31", "target": { "file": "src/Modules.cpp", "function": "CModules::GetModPathInfo" } }, { "digest": { "line_hashes": [ "195477839036768438441414840661911920399", "210936151725103424132817371752203593323", "101777677667273448383554422736045543017", "302797354415093651132654681454522280047" ], "threshold": 0.9 }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311", "signature_type": "Line", "id": "CVE-2019-12816-54fbb26a", "target": { "file": "include/znc/Modules.h" } }, { "digest": { "function_hash": "76020489109695436136136009632747957875", "length": 397.0 }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311", "signature_type": "Function", "id": "CVE-2019-12816-b44be469", "target": { "file": "src/Modules.cpp", "function": "CModules::GetModInfo" } }, { "digest": { "function_hash": "29121335711093038551819019924020777549", "length": 1924.0 }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311", "signature_type": "Function", "id": "CVE-2019-12816-d5a0c88d", "target": { "file": "src/Modules.cpp", "function": "CModules::OpenModule" } } ] }