CVE-2006-6811 - KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string

CVE-2006-6811

Summary

KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow.

References

Vulnerable Configurations

cpe:2.3:a:kde:ksirc:1.3.12:*:*:*:*:*:*:*
cpe:2.3:a:kde:ksirc:1.3.12:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 08-02-2024 - 02:22)
Impact:
Exploitability:

CWE

CWE-617

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

bid	21790
bugtraq	20070109 [KDE Security Advisory] ksirc Denial of Service vulnerability
confirm	http://www.kde.org/info/security/advisory-20070109-1.txt https://issues.rpath.com/browse/RPL-922
exploit-db	3023
gentoo	GLSA-200701-26
mandriva	MDKSA-2007:009
misc	http://www.addict3d.org/index.php?page=viewarticle&trace=0&type=security&ID=8468
osvdb	33443
sectrack	1017453
ubuntu	USN-409-1
vupen	ADV-2006-5199
xf	ksirc-privmsg-bo(31134)

statements via4

contributor	Mark J Cox
lastmodified	2007-01-18
organization	Red Hat
statement	We do not consider a crash of a client application such as KsIRC to be a security issue.

Last major update

08-02-2024 - 02:22

Published

29-12-2006 - 11:28

Last modified

08-02-2024 - 02:22