| Vulnerability Name: | CVE-2003-0328 (CCN-12445) |
| Assigned: | 2003-05-09 |
| Published: | 2003-05-09 |
| Updated: | 2008-09-05 |
| Summary: | EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later versions, allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via a CTCP request from a large nickname, which causes an incorrect length calculation. |
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) |
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) |
| Vulnerability Type: | CWE-Other |
| Vulnerability Consequences: | Gain Access |
| References: | Source: CCN Type: prbh FTP site Possible remote exploit from rogue server, exploit exists.<br>Source: CONFIRM Type: Patch, Vendor Advisory ftp://ftp.prbh.org/pub/epic/patches/alloca_underrun-patch-1<br>Source: MITRE Type: CNA CVE-2003-0328<br>Source: CCN Type: RHSA-2003-342 Updated EPIC packages fix security vulnerability<br>Source: DEBIAN Type: UNKNOWN DSA-306<br>Source: DEBIAN Type: UNKNOWN DSA-399<br>Source: DEBIAN Type: DSA-306 ircii-pana -- buffer overflows<br>Source: DEBIAN Type: DSA-399 epic4 -- buffer overflow<br>Source: CCN Type: OSVDB ID: 11826 EPIC IRC Client Large Nickname CTCP Request Remote Overflow<br>Source: REDHAT Type: UNKNOWN RHSA-2003:342<br>Source: CCN Type: SecuriTeam Mailing List, Security Holes & Exploits 27 Nov 2003 EPIC4 CTCP Nicknames Buffer Overflow<br>Source: CCN Type: BID-8999 Epic CTCP Nickname Server Message Buffer Overrun Vulnerability<br>Source: XF Type: UNKNOWN epic4-ctcp-code-execution(12445) |
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable |