CVE-2021-33586

NameCVE-2021-33586
DescriptionInspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access recently deallocated memory, aka the "malformed PONG" issue.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs989144

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
inspircd (PTS)bullseye3.8.1-2fixed
bookworm3.15.0-1fixed
trixie, sid3.17.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
inspircdsourcestretch(not affected)
inspircdsourcebuster(not affected)
inspircdsource(unstable)3.8.1-2989144

Notes

[buster] - inspircd <not-affected> (Vulnerable code not present)
[stretch] - inspircd <not-affected> (Vulnerable code not present)
https://docs.inspircd.org/security/2021-01/
https://github.com/inspircd/inspircd/commit/4350a11c663b0d75f8119743bffb7736d87abd4d

Search for package or bug name: Reporting problems