Vulnerability Description
InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access recently deallocated memory, aka the "malformed PONG" issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Inspircd | Inspircd | >= 3.8.0, < 3.10.0 |
Related Weaknesses (CWE)
References
- https://docs.inspircd.org/security/2021-01/ (Patch, Vendor Advisory)
- https://github.com/inspircd/inspircd/commit/4350a11c663b0d75f8119743bffb7736d87a (Patch, Third Party Advisory)
- https://security.gentoo.org/glsa/202107-22 (Third Party Advisory)
FAQ
What is CVE-2021-33586?
CVE-2021-33586 is a vulnerability with a CVSS score of 4.3 (MEDIUM). InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access recently deallocated memory, aka the "malformed PONG" issue.
How severe is CVE-2021-33586?
CVE-2021-33586 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-33586?
Check the references section above for vendor advisories and patch information. Affected products include: Inspircd Inspircd.