PT-2003-1532 · Epic4 · Epic Irc Client

Published: 2003-05-22 · Updated: 2008-09-05 · CVE-2003-0328

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: EPIC IRC Client (EPIC4) versions pre2.002 through pre2.003
Description: The issue allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via a CTCP request from a large (overly long) nickname. The cause is an incorrect length calculation.
Recommendations: For EPIC IRC Client (EPIC4) versions pre2.002 through pre2.003, consider disabling CTCP requests from unknown or untrusted sources until a patch is available. Restrict access to the IRC client to minimize the risk of exploitation.


Related Identifiers

CVE-2003-0328
DSA-306
DSA-399

Affected Products

Epic Irc Client