CVE-2023-50784

{"id": "CVE-2023-50784", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-12-16T23:15:40.770", "references": [{"url": "https://forums.unrealircd.org/viewtopic.php?t=9340", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6TFYPQOKYRGPEAKOWSO6PSCBV6LUR3/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZT7QU4FCQBHYOYVD7FW5QAWNAQCSGLA/", "source": "cve@mitre.org"}, {"url": "https://www.unrealircd.org/index/news", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://forums.unrealircd.org/viewtopic.php?t=9340", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6TFYPQOKYRGPEAKOWSO6PSCBV6LUR3/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZT7QU4FCQBHYOYVD7FW5QAWNAQCSGLA/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.unrealircd.org/index/news", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en websockets en UnrealIRCd 6.1.0 hasta 6.1.3 anterior a 6.1.4 permite que un atacante remoto no autenticado bloquee el servidor enviando un paquete de gran tama\u00f1o (si un puerto websocket est\u00e1 abierto). La ejecuci\u00f3n remota de c\u00f3digo podr\u00eda ser posible en algunas plataformas antiguas y poco comunes."}], "lastModified": "2024-11-21T08:37:18.633", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:unrealircd:unrealircd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "574ACE08-97D7-4495-BF19-0F2EA0631ECA", "versionEndExcluding": "6.1.4", "versionStartIncluding": "6.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}