Description
BarnOwl before 1.6.2 does not check the return code of calls to the (1) ZPending and (2) ZReceiveNotice functions in libzephyr, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
References (2)
Core References
Various Sources (x_refsource_confirm): http://github.com/barnowl/barnowl/blob/barnowl-1.6.2/ChangeLog
Vendor Advisory (x_refsource_confirm): http://barnowl.mit.edu/wiki/release-notes/1.6.2
Scores
EPSS: 0.0150
EPSS Percentile: 81.3%
Details
CWE: CWE-20
Status: published
Products (18)
barnowl/barnowl 1.0.0
barnowl/barnowl 1.0.1
barnowl/barnowl 1.0.2
barnowl/barnowl 1.0.2.1
barnowl/barnowl 1.0.3
barnowl/barnowl 1.0.4
barnowl/barnowl 1.0.4.1
barnowl/barnowl 1.0.5
barnowl/barnowl 1.1
barnowl/barnowl 1.1.1
... and 8 more
Published: Aug 05, 2010
Tracked Since: Feb 18, 2026