CVE-2019-20918

Publication date 11 September 2020

Last updated 17 July 2025

Ubuntu priority

Cvss 3 Severity Score

Description

An issue was discovered in InspIRCd 3 before 3.1.0. The silence module contains a use after free vulnerability. This vulnerability can be used for remote crashing of an InspIRCd server by any user able to fully connect to a server.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
inspircd	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release

How can I get the fixes?
What do statuses mean?

Severity score breakdown

CVSS version: CVSS v3.0

Base score 6.5 · Medium

Base metrics

Parameter	Value
Attack vector	Network
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality impact	None
Integrity impact	None
Availability impact	High

Scores

Parameter	Value
Base score	6.5 · Medium
Exploitability score	-
Impact score	-

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

MITRE
NVD
Launchpad
Debian

Other references

https://docs.inspircd.org/security/2019-01/
https://github.com/inspircd/inspircd/commit/7b47de3c194f239c5fea09a0e49696c9af017d51
https://github.com/inspircd/inspircd/commit/bcd65de1ec4bb71591ae417fee649d7ecd37cd57
https://www.cve.org/CVERecord?id=CVE-2019-20918