CVE-2010-2448

znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell.

Published: Jul 12, 2010
Updated: Nov 9, 2025
CVE: CVE-2010-2448
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
znc / znc	0.074	0.074.x
znc / znc	0.044	0.044.x
znc / znc	0.072	0.072.x
znc / znc	0.062	0.062.x
znc / znc	0.045	0.045.x
znc / znc	0.052	0.052.x
znc / znc	0.058	0.058.x
znc / znc	0.080	0.080.x
znc / znc	0.043	0.043.x
znc / znc	0.056	0.056.x
znc / znc	0.078	0.078.x
znc / znc	0.050	0.050.x
znc / znc	-	0.090.x
znc / znc	0.034	0.034.x
znc / znc	0.076	0.076.x
znc / znc	0.070	0.070.x
znc / znc	0.064	0.064.x
znc / znc	0.068	0.068.x
znc / znc	0.054	0.054.x
znc / znc	0.060	0.060.x
znc / znc	0.041	0.041.x
znc / znc	0.047	0.047.x
znc / znc	0.066	0.066.x

Vulnerability Database

302,032

CVE-2010-2448

Deep Security Visibility Without the Complexity