CVE-2021-33586

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-33586
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-33586.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-33586
Downstream
Related
Published
2021-05-27T05:15:06.993Z
Modified
2025-11-14T11:58:07.323976Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access recently deallocated memory, aka the "malformed PONG" issue.

References

Affected packages

Git / github.com/inspircd/inspircd

Affected ranges

Type
GIT
Repo
https://github.com/inspircd/inspircd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
4350a11c663b0d75f8119743bffb7736d87abd4d

Affected versions

Other

masterfork

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.1.0
v1.1.0a1
v1.1.0b1
v1.1.0b2
v1.1.0b3
v1.1.0b4
v1.1.0b5
v1.1.0b6
v1.1.0b6.1
v1.1.0b7
v1.1.0b8
v1.1.0b9
v1.1.0fork
v1.1.1
v1.1.10
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.1.7
v1.1.8
v1.1.9
v1.2.0
v1.2.0a1
v1.2.0a2
v1.2.0a3
v1.2.0a4
v1.2.0a5
v1.2.0a6
v1.2.0b1
v1.2.0b2
v1.2.0b3
v1.2.0b4
v1.2.0fork
v1.2.0rc1
v1.2.0rc2
v1.2.0rc3
v1.2.0rc4
v1.2.0rc5

v2.*

v2.0.0
v2.0.0a1
v2.0.0a2
v2.0.0b1
v2.0.0b2
v2.0.0b3
v2.0.0b4
v2.0.0rc1
v2.0.0rc2
v2.0.1
v2.0.10
v2.0.11
v2.0.12
v2.0.13
v2.0.14
v2.0.15
v2.0.16
v2.0.17
v2.0.18
v2.0.19
v2.0.2
v2.0.20
v2.0.21
v2.0.22
v2.0.23
v2.0.24
v2.0.25
v2.0.26
v2.0.27
v2.0.3
v2.0.4
v2.0.5
v2.0.6rc1
v2.0.7
v2.0.8
v2.0.9
v2.0fork

v3.*

v3.0.0
v3.0.0a1
v3.0.0a10
v3.0.0a2
v3.0.0a3
v3.0.0a4
v3.0.0a5
v3.0.0a6
v3.0.0a7
v3.0.0a8
v3.0.0a9
v3.0.0rc1
v3.0.0rc2
v3.0.1
v3.1.0
v3.2.0
v3.3.0
v3.4.0
v3.5.0
v3.6.0
v3.7.0
v3.8.0
v3.8.1
v3.9.0

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "172236433412257313883103957772383903383",
                "220703310501416717366140712732379042131",
                "52434925730221493171471376307921343860",
                "70281737129417841586534436710458404628",
                "263384407924776216272824341098924172406",
                "315415170026200256221787970084830905795"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "target": {
            "file": "include/clientprotocolmsg.h"
        },
        "deprecated": false,
        "id": "CVE-2021-33586-44bd76ff",
        "source": "https://github.com/inspircd/inspircd/commit/4350a11c663b0d75f8119743bffb7736d87abd4d"
    },
    {
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "324890397734487770979278848730261565209",
                "249933969203486859797144565555425798009",
                "122328167582706218575434760079144219617",
                "206397735007201542476051935054925026908"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "target": {
            "file": "src/coremods/core_user/core_user.cpp"
        },
        "deprecated": false,
        "id": "CVE-2021-33586-6c241bbe",
        "source": "https://github.com/inspircd/inspircd/commit/4350a11c663b0d75f8119743bffb7736d87abd4d"
    }
]