{"id":"CVE-2019-9917","details":"ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding.","modified":"2026-04-11T15:27:38.280010Z","published":"2019-03-27T06:29:00.390Z","related":["MGASA-2019-0262","openSUSE-SU-2019:1166-1","openSUSE-SU-2019:1775-1","openSUSE-SU-2019:1859-1","openSUSE-SU-2024:11542-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00018.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRHCMHI44AW5CJ22WV676BKFUWWCLA7T/"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00037.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTRBTPL7WWKQ7DZ2ALDTCGYUWSE6SL3/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZRVSINQHM623GJYYNDSBYSXT2MHKFCYQ/"},{"type":"WEB","url":"https://seclists.org/bugtraq/2019/Jun/23"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4463"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3950-1/"},{"type":"FIX","url":"https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/znc/znc","events":[{"introduced":"0"},{"last_affected":"5cde1eb3c112b6f7508521060da1b2b3df88b158"},{"fixed":"64613bc8b6b4adf1e32231f9844d99cd512b8973"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.7.2"}]}}],"versions":["znc-0.023","znc-0.025","znc-0.027","znc-0.028","znc-0.029","znc-0.030","znc-0.033","znc-0.034","znc-0.035","znc-0.036","znc-0.037","znc-0.038","znc-0.039","znc-0.040","znc-0.041","znc-0.043","znc-0.044","znc-0.045","znc-0.047","znc-0.050","znc-0.052","znc-0.054","znc-0.054-rc1","znc-0.054-rc2","znc-0.054-rc3","znc-0.056","znc-0.058","znc-0.060","znc-0.062","znc-0.064","znc-0.066","znc-0.068","znc-0.070","znc-0.072","znc-0.094","znc-0.096","znc-0.098","znc-0.200","znc-1.0","znc-1.2","znc-1.6.0","znc-1.7.0","znc-1.7.1","znc-1.7.1-rc1","znc-1.7.2","znc-1.7.2-rc1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"18.10"}]},{"events":[{"introduced":"0"},{"last_affected":"28"}]},{"events":[{"introduced":"0"},{"last_affected":"29"}]},{"events":[{"introduced":"0"},{"last_affected":"30"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9917.json","vanir_signatures_modified":"2026-04-11T15:27:38Z","vanir_signatures":[{"id":"CVE-2019-9917-06bf70df","source":"https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973","target":{"file":"test/integration/tests/scripting.cpp"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["31243661487519983332586909021597621186","165710148128532027485157959188699336235","166886895376817625238888457006479704126","202216067248535961652918961024433483598"]},"signature_version":"v1","deprecated":false},{"id":"CVE-2019-9917-0d6fb574","source":"https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973","target":{"file":"src/znc.cpp"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["36584977510076312796211728617311074544","217198369861479389276039051877825542052","206142953363195979325179759694664204998","31852148263648964562324318574212806649","5731068558472984968260793634951877099","4544111393618610573014631413676193190","289088587105281216836994535553464028038","235947386026669297930310421144780250910","336096019935149947584563433318192500410","268587052100394892615423073990776036495","294516321826862714633202397054723505922","293692983013023723515438354985097968040","331824959662458729581419606514221289741","199929378030754572028680991599821609706","214994378381979026070318865429634565927"]},"signature_version":"v1","deprecated":false},{"id":"CVE-2019-9917-0d90913d","source":"https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973","target":{"function":"TEST_F","file":"test/integration/tests/scripting.cpp"},"signature_type":"Function","digest":{"function_hash":"296490947557495495698556840745463224975","length":700},"signature_version":"v1","deprecated":false},{"id":"CVE-2019-9917-2a52a98e","source":"https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973","target":{"function":"CIRCNetwork::SetEncoding","file":"src/IRCNetwork.cpp"},"signature_type":"Function","digest":{"function_hash":"178979880052083639693043536343234372446","length":146},"signature_version":"v1","deprecated":false},{"id":"CVE-2019-9917-7bd8f15c","source":"https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973","target":{"function":"CZNC::FixupEncoding","file":"src/znc.cpp"},"signature_type":"Function","digest":{"function_hash":"125101303649470056653133603499956669889","length":143},"signature_version":"v1","deprecated":false},{"id":"CVE-2019-9917-8c77122a","source":"https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973","target":{"function":"CUser::SetClientEncoding","file":"src/User.cpp"},"signature_type":"Function","digest":{"function_hash":"293321452328121892227321759955430517692","length":173},"signature_version":"v1","deprecated":false},{"id":"CVE-2019-9917-bc8f8674","source":"https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973","target":{"file":"src/User.cpp"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["45578857716056444465828692694606500680","160927141101229919908502635119851227675","330343910617320700491909940605254650939","134425585766085492025684800141740463376","274035849413902230041635056705243702223","252846216533532613068451665393039115978"]},"signature_version":"v1","deprecated":false},{"id":"CVE-2019-9917-cbbdb625","source":"https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973","target":{"file":"modules/controlpanel.cpp"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["111298836504242310308272496850513804915","9388782646776428426526030157509005349","257161384823751252615798124025181257527","31465414230298443885241880409664645910"]},"signature_version":"v1","deprecated":false},{"id":"CVE-2019-9917-ef33d0b7","source":"https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973","target":{"function":"CZNC::ForceEncoding","file":"src/znc.cpp"},"signature_type":"Function","digest":{"function_hash":"233316471373385435759124824689329725750","length":209},"signature_version":"v1","deprecated":false},{"id":"CVE-2019-9917-f2bb6b6d","source":"https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973","target":{"file":"src/IRCNetwork.cpp"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["103017835089596055557836987390762724639","168429236088408346781483381823660671102","294478468469689669391425223505312240102","45635952350146212716839909869407165573","321557855222009988081285520692820523097","269180103670117207886993403664586808123"]},"signature_version":"v1","deprecated":false}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}