{"id":"CVE-2021-33586","details":"InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access recently deallocated memory, aka the \"malformed PONG\" issue.","modified":"2026-04-11T17:26:00.572589Z","published":"2021-05-27T05:15:06.993Z","references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202107-22"},{"type":"FIX","url":"https://docs.inspircd.org/security/2021-01/"},{"type":"FIX","url":"https://github.com/inspircd/inspircd/commit/4350a11c663b0d75f8119743bffb7736d87abd4d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/inspircd/inspircd","events":[{"introduced":"d38595e7e14e7509e744d33df657d50d00cc201f"},{"fixed":"6ff8f38a6d55970af1400cc78994e017ca351c39"},{"fixed":"4350a11c663b0d75f8119743bffb7736d87abd4d"}],"database_specific":{"versions":[{"introduced":"3.8.0"},{"fixed":"3.10.0"}]}}],"versions":["v3.8.0","v3.8.1","v3.9.0"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","digest":{"line_hashes":["172236433412257313883103957772383903383","220703310501416717366140712732379042131","52434925730221493171471376307921343860","70281737129417841586534436710458404628","263384407924776216272824341098924172406","315415170026200256221787970084830905795"],"threshold":0.9},"id":"CVE-2021-33586-44bd76ff","target":{"file":"include/clientprotocolmsg.h"},"source":"https://github.com/inspircd/inspircd/commit/4350a11c663b0d75f8119743bffb7736d87abd4d","signature_type":"Line","deprecated":false},{"signature_version":"v1","digest":{"line_hashes":["324890397734487770979278848730261565209","249933969203486859797144565555425798009","122328167582706218575434760079144219617","206397735007201542476051935054925026908"],"threshold":0.9},"id":"CVE-2021-33586-6c241bbe","target":{"file":"src/coremods/core_user/core_user.cpp"},"source":"https://github.com/inspircd/inspircd/commit/4350a11c663b0d75f8119743bffb7736d87abd4d","signature_type":"Line","deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33586.json","vanir_signatures_modified":"2026-04-11T17:26:00Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}