Irssi Off-by-one Read/Write DoS Vulnerability (Linux) Network Vulnerability

Summary

This host has installed Irssi and is prone to Denial of Service Vulnerability

Impact

Successful exploitation will allow attackers to cause memory corruption, and can crash an affected application by tricking a user into connecting to a malicious IRC server. Impact Level: Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

Off-by-one error in the 'event_wallops' function in fe-common/irc/fe-events.c when processing empty commands sent by IRC servers, which triggers a one-byte buffer under-read and a one-byte buffer underflow.

Affected

Irssi version 0.8.13 and prior on Linux

References

http://bugs.irssi.org/index.php?do=details&task_id=662
http://www.securitytracker.com/alerts/2009/Jun/1022410.html
http://www.vupen.com/english/advisories/2009/1596

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1959

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Asterisk RTP Text Frames Denial Of Service Vulnerability
Apple Safari Malformed URI Remote DoS Vulnerability (Win)
Ciscokits TFTP Server Long Filename Denial Of Service Vulnerability
ClamAV Prior to 0.96.5 Multiple Vulnerabilities
Denial of Service vulnerability in AVG Anti-Virus (Linux)

Take action and discover your vulnerabilities