CVE-2004-0238

Name of the Vulnerable Software and Affected Versions 0verkill version 0.15pre3

Description The issue is related to multiple buffer overflows that could allow local users to execute arbitrary code in the client via a long HOME environment variable in the load cfg and save cfg functions. Additionally, it might allow remote attackers to execute arbitrary code via long strings to the send message function, and in the server, via the parse command line function.

Recommendations For 0verkill version 0.15pre3, as a temporary workaround, consider restricting the length of the HOME environment variable and input strings to the send message and parse command line functions until a patch is available. Avoid using long strings in these functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.