CVE-2006-6811
high-risk
Published 2006-12-29
KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow.
Do I need to act?
~
5.6% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10
Medium
NETWORK
/ LOW complexity
Affected Products (4)
References (26)
Broken Link
http://osvdb.org/33443
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200701-26.xml
Broken Link
http://securitytracker.com/id?1017453
Third Party Advisory
http://www.kde.org/info/security/advisory-20070109-1.txt
Broken Link
http://www.securityfocus.com/bid/21790
Third Party Advisory
http://www.ubuntu.com/usn/usn-409-1
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/31134
Broken Link
https://issues.rpath.com/browse/RPL-922
Broken Link
http://osvdb.org/33443
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200701-26.xml
Broken Link
http://securitytracker.com/id?1017453
Third Party Advisory
http://www.kde.org/info/security/advisory-20070109-1.txt
and 6 more references
50
/ 100
high-risk
Severity
24/34 · High
Exploitability
16/34 · Moderate
Exposure
10/34 · Low