CVE-2009-1959

Published: 08/06/2009 Updated: 17/08/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow.

Vulnerable Product

irssi irssi 0.8.13

Vendor Advisories

Debian Bug report logs - #531357: irssi WALLOPS heap off-by-one
Package: irssi; Maintainer for irssi is Rhonda D'Vine <rhonda@debian.org>; Source for irssi is src:irssi; Reported by: Craig <craig@haquarter.de>; Date: Sun, 31 May 2009 21:42:02 UTC; Severity: important; Tags: security; Merged with 5326 ...

It was discovered that irssi did not properly check the length of strings when processing WALLOPS messages. If a user connected to an IRC network where an attacker had IRC operator privileges, a remote attacker could cause a denial of service ...

Exploits

source: www.securityfocus.com/bid/35399/info
Irssi is prone to an off-by-one, heap-based, memory-corruption vulnerability because it fails to properly bounds-check user-supplied data before copying it into a memory buffer. Attackers can exploit this issue to crash the vulnerable client, resulting in a denial-of-service condition. Given the ...