CVE-2019-9917
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-9917
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-9917.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-9917
- Downstream
- Related
- Published
- 2019-03-27T06:29:00Z
- Modified
- 2025-10-15T11:17:58.931991Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding.
- References
-
- https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973
- https://usn.ubuntu.com/3950-1/
- https://www.debian.org/security/2019/dsa-4463
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00018.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTRBTPL7WWKQ7DZ2ALDTCGYUWSE6SL3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRHCMHI44AW5CJ22WV676BKFUWWCLA7T/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZRVSINQHM623GJYYNDSBYSXT2MHKFCYQ/
- https://seclists.org/bugtraq/2019/Jun/23
Affected packages
Git / github.com/znc/znc
Affected ranges
- Type
- GIT
- Repo
- https://github.com/znc/znc
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
znc-0.*
znc-0.023
znc-0.025
znc-0.027
znc-0.028
znc-0.029
znc-0.030
znc-0.033
znc-0.034
znc-0.035
znc-0.036
znc-0.037
znc-0.038
znc-0.039
znc-0.040
znc-0.041
znc-0.043
znc-0.044
znc-0.045
znc-0.047
znc-0.050
znc-0.052
znc-0.054
znc-0.054-rc1
znc-0.054-rc2
znc-0.054-rc3
znc-0.056
znc-0.058
znc-0.060
znc-0.062
znc-0.064
znc-0.066
znc-0.068
znc-0.070
znc-0.072
znc-0.094
znc-0.096
znc-0.098
znc-0.200
znc-1.*
znc-1.0
znc-1.2
znc-1.6.0
znc-1.6.1
znc-1.6.1-rc1
znc-1.6.2
znc-1.6.2-rc1
znc-1.6.3
znc-1.6.3-rc1
znc-1.6.3-rc2
znc-1.6.4
znc-1.6.4-rc1
znc-1.6.4-rc2
znc-1.6.4-rc3
znc-1.6.5
znc-1.6.5-rc1
znc-1.7.0
znc-1.7.1
znc-1.7.1-rc1
znc-1.7.2
znc-1.7.2-rc1
Database specific
vanir_signatures
[
{
"signature_type": "Line",
"id": "CVE-2019-9917-06bf70df",
"target": {
"file": "test/integration/tests/scripting.cpp"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973",
"digest": {
"line_hashes": [
"31243661487519983332586909021597621186",
"165710148128532027485157959188699336235",
"166886895376817625238888457006479704126",
"202216067248535961652918961024433483598"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"id": "CVE-2019-9917-0d6fb574",
"target": {
"file": "src/znc.cpp"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973",
"digest": {
"line_hashes": [
"36584977510076312796211728617311074544",
"217198369861479389276039051877825542052",
"206142953363195979325179759694664204998",
"31852148263648964562324318574212806649",
"5731068558472984968260793634951877099",
"4544111393618610573014631413676193190",
"289088587105281216836994535553464028038",
"235947386026669297930310421144780250910",
"336096019935149947584563433318192500410",
"268587052100394892615423073990776036495",
"294516321826862714633202397054723505922",
"293692983013023723515438354985097968040",
"331824959662458729581419606514221289741",
"199929378030754572028680991599821609706",
"214994378381979026070318865429634565927"
],
"threshold": 0.9
}
},
{
"signature_type": "Function",
"id": "CVE-2019-9917-0d90913d",
"target": {
"function": "TEST_F",
"file": "test/integration/tests/scripting.cpp"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973",
"digest": {
"function_hash": "296490947557495495698556840745463224975",
"length": 700.0
}
},
{
"signature_type": "Function",
"id": "CVE-2019-9917-2a52a98e",
"target": {
"function": "CIRCNetwork::SetEncoding",
"file": "src/IRCNetwork.cpp"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973",
"digest": {
"function_hash": "178979880052083639693043536343234372446",
"length": 146.0
}
},
{
"signature_type": "Function",
"id": "CVE-2019-9917-7bd8f15c",
"target": {
"function": "CZNC::FixupEncoding",
"file": "src/znc.cpp"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973",
"digest": {
"function_hash": "125101303649470056653133603499956669889",
"length": 143.0
}
},
{
"signature_type": "Function",
"id": "CVE-2019-9917-8c77122a",
"target": {
"function": "CUser::SetClientEncoding",
"file": "src/User.cpp"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973",
"digest": {
"function_hash": "293321452328121892227321759955430517692",
"length": 173.0
}
},
{
"signature_type": "Line",
"id": "CVE-2019-9917-bc8f8674",
"target": {
"file": "src/User.cpp"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973",
"digest": {
"line_hashes": [
"45578857716056444465828692694606500680",
"160927141101229919908502635119851227675",
"330343910617320700491909940605254650939",
"134425585766085492025684800141740463376",
"274035849413902230041635056705243702223",
"252846216533532613068451665393039115978"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"id": "CVE-2019-9917-cbbdb625",
"target": {
"file": "modules/controlpanel.cpp"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973",
"digest": {
"line_hashes": [
"111298836504242310308272496850513804915",
"9388782646776428426526030157509005349",
"257161384823751252615798124025181257527",
"31465414230298443885241880409664645910"
],
"threshold": 0.9
}
},
{
"signature_type": "Function",
"id": "CVE-2019-9917-ef33d0b7",
"target": {
"function": "CZNC::ForceEncoding",
"file": "src/znc.cpp"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973",
"digest": {
"function_hash": "233316471373385435759124824689329725750",
"length": 209.0
}
},
{
"signature_type": "Line",
"id": "CVE-2019-9917-f2bb6b6d",
"target": {
"file": "src/IRCNetwork.cpp"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973",
"digest": {
"line_hashes": [
"103017835089596055557836987390762724639",
"168429236088408346781483381823660671102",
"294478468469689669391425223505312240102",
"45635952350146212716839909869407165573",
"321557855222009988081285520692820523097",
"269180103670117207886993403664586808123"
],
"threshold": 0.9
}
}
]