znc: invalid encoding leading to remote code execution (CVE-2019-12816)
Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name.
References:
Patch:
https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311
Affected branches:
-
master (62a80018) -
3.10-stable -
3.9-stable -
3.8-stable -
3.7-stable