oss-sec mailing list archives

CVE-2024-39844: ZNC modtcl RCE


From: Martin Weinelt <martin () linuxlounge net>
Date: Wed, 3 Jul 2024 18:18:36 +0200

Hi,

ZNC before 1.9.1 has a remote code execution vulnerability in its modtcl module that can, for example, be triggered through a prepared kick message.

https://wiki.znc.in/ChangeLog/1.9.1


Alternatively the following patch needs to be applied to mitigate this vulnerability:

https://github.com/znc/znc/commit/8cbf8d628174ddf23da680f3f117dc54da0eb06e


The vulnerability was discovered and reported by Johannes Kuhn (DasBrain). The patch was created by glguy.


---

Martin

