Starcadi

**Name of the Vulnerable Software and Affected Versions** Rhapsody IRC version 0.28b **Description** The issue allows remote attackers to execute arbitrary code due to multiple buffer overflows. This can be achieved through various means, including a long command, a long server argument to the connect or server commands, a long nick argument to the nick command, or a long nick or message argument to the ctcp, chat, notice, message (msg), or query commands. **Recommendations** For Rhapsody IRC version 0.28b, consider disabling the affected commands (connect, server, nick, ctcp, chat, notice, message, query) until a patch is available to prevent exploitation. Restrict access to these commands to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Rhapsody IRC version 0.28b **Description** The issue involves multiple format string vulnerabilities in the comm.c file. These vulnerabilities allow remote attackers to execute arbitrary code via format string specifiers to the `create ctcp message` function. The attack vectors include the `me` and `ctcp` commands, and possibly the `whois`, `mode`, and `topic` commands, by providing malicious input as the `message` argument. **Recommendations** For Rhapsody IRC version 0.28b, consider disabling the `create ctcp message` function or restricting the use of the `me` and `ctcp` commands until a patch is available. Additionally, limiting the input to the `whois`, `mode`, and `topic` commands may help minimize the risk of exploitation.