CVE-2023-50784 - OpenCVE

A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Unrealircd	Unrealircd

Configuration 1 [-]

cpe:2.3:a:unrealircd:unrealircd:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://forums.unrealircd.org/viewtopic.php?t=9340
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6TFYPQOKYRGPEAKOWSO6PSCBV6LUR3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZT7QU4FCQBHYOYVD7FW5QAWNAQCSGLA/
https://lists.fedoraproject.org/archives/list/[email protected]/message/BV6TFYPQOKYRGPEAKOWSO6PSCBV6LUR3/
https://lists.fedoraproject.org/archives/list/[email protected]/message/EZT7QU4FCQBHYOYVD7FW5QAWNAQCSGLA/
https://www.unrealircd.org/index/news

History

Tue, 04 Nov 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.fedoraproject.org/archives/list/[email protected]/message/BV6TFYPQOKYRGPEAKOWSO6PSCBV6LUR3/ https://lists.fedoraproject.org/archives/list/[email protected]/message/EZT7QU4FCQBHYOYVD7FW5QAWNAQCSGLA/

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-12-16T00:00:00.000Z

Updated: 2025-11-04T18:20:38.641Z

Reserved: 2023-12-14T00:00:00.000Z

Link: CVE-2023-50784

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-12-16T23:15:40.770

Modified: 2025-11-04T19:16:14.590

Link: CVE-2023-50784

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-50784", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-11-04T18:20:38.641Z", "dateReserved": "2023-12-14T00:00:00.000Z", "datePublished": "2023-12-16T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-12-26T03:06:13.346Z"}, "descriptions": [{"lang": "en", "value": "A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.unrealircd.org/index/news"}, {"url": "https://forums.unrealircd.org/viewtopic.php?t=9340"}, {"name": "FEDORA-2023-41f41fbb69", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6TFYPQOKYRGPEAKOWSO6PSCBV6LUR3/"}, {"name": "FEDORA-2023-7c6c696102", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZT7QU4FCQBHYOYVD7FW5QAWNAQCSGLA/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "source": {"discovery": "INTERNAL"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.unrealircd.org/index/news", "tags": ["x_transferred"]}, {"url": "https://forums.unrealircd.org/viewtopic.php?t=9340", "tags": ["x_transferred"]}, {"name": "FEDORA-2023-41f41fbb69", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6TFYPQOKYRGPEAKOWSO6PSCBV6LUR3/"}, {"name": "FEDORA-2023-7c6c696102", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZT7QU4FCQBHYOYVD7FW5QAWNAQCSGLA/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/EZT7QU4FCQBHYOYVD7FW5QAWNAQCSGLA/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/BV6TFYPQOKYRGPEAKOWSO6PSCBV6LUR3/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T18:20:38.641Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:unrealircd:unrealircd:*:*:*:*:*:*:*:*", "matchCriteriaId": "574ACE08-97D7-4495-BF19-0F2EA0631ECA", "versionEndExcluding": "6.1.4", "versionStartIncluding": "6.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en websockets en UnrealIRCd 6.1.0 hasta 6.1.3 anterior a 6.1.4 permite que un atacante remoto no autenticado bloquee el servidor enviando un paquete de gran tama\u00f1o (si un puerto websocket est\u00e1 abierto). La ejecuci\u00f3n remota de c\u00f3digo podr\u00eda ser posible en algunas plataformas antiguas y poco comunes."}], "id": "CVE-2023-50784", "lastModified": "2025-11-04T19:16:14.590", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-12-16T23:15:40.770", "references": [{"source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://forums.unrealircd.org/viewtopic.php?t=9340"}, {"source": "[email protected]", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6TFYPQOKYRGPEAKOWSO6PSCBV6LUR3/"}, {"source": "[email protected]", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZT7QU4FCQBHYOYVD7FW5QAWNAQCSGLA/"}, {"source": "[email protected]", "tags": ["Product"], "url": "https://www.unrealircd.org/index/news"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://forums.unrealircd.org/viewtopic.php?t=9340"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6TFYPQOKYRGPEAKOWSO6PSCBV6LUR3/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZT7QU4FCQBHYOYVD7FW5QAWNAQCSGLA/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/BV6TFYPQOKYRGPEAKOWSO6PSCBV6LUR3/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/EZT7QU4FCQBHYOYVD7FW5QAWNAQCSGLA/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.unrealircd.org/index/news"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "[email protected]", "type": "Primary"}]}