PatchSiren

Atheme CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Atheme CVE published 2017-03-02

CVE-2017-6384

CVE-2017-6384 describes a memory leak in Atheme's login_user function that can be triggered by a remote unauthenticated attacker to consume memory and cause a denial of service. The issue affects Atheme 7.2.7 and is fixed in 7.2.8.