PT-2007-3969 · Voodoo · Voodoo Circle

Published

2007-05-14

Updated

2017-07-29

CVE-2007-2651

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions VooDoo cIRCle versions prior to 1.1.beta27

Description The issue is caused by multiple off-by-one errors, which can be exploited by remote attackers. This can lead to a denial of service, resulting in connection loss, or potentially allow the execution of arbitrary code. The errors can be triggered by a DNS name response that exactly matches the length of a buffer, or by using a long channel name, partyline channel name, or other unspecified vectors in crafted BOTNET packets.

Recommendations For versions prior to 1.1.beta27, update to version 1.1.beta27 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-2651

Affected Products

Voodoo Circle

PT-2007-3969 · Voodoo · Voodoo Circle

CVE-2007-2651

Related Identifiers

Affected Products

References · 7