Vulnerability Description
Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Atheme | Atheme | >= 7.2.0, < 7.2.12 |
Related Weaknesses (CWE)
References
- https://github.com/atheme/atheme/commit/4e664c75d0b280a052eb8b5e81aa41944e593c52 (Patch, Third Party Advisory)
- https://github.com/atheme/atheme/compare/v7.2.11...v7.2.12 (Patch, Third Party Advisory)
- https://www.openwall.com/lists/oss-security/2022/01/30/4 (Exploit, Mailing List, Third Party Advisory)
FAQ
What is CVE-2022-24976?
CVE-2022-24976 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.
How severe is CVE-2022-24976?
CVE-2022-24976 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-24976?
Check the references section above for vendor advisories and patch information. Affected product: Atheme (vendor: Atheme), versions >= 7.2.0 and < 7.2.12.