CVE-2009-1789

EPSS 8.49%
Veröffentlicht 26.05.2009 16:30:02
Zuletzt bearbeitet 16.06.2026 23:08:03
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy.  NOTE: this issue exists because of an incorrect fix for CVE-2007-2807.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 19

NVD 45 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Eggheads ≫ Eggdrop Version1.6.0

Eggheads ≫ Eggdrop Version1.6.1

Eggheads ≫ Eggdrop Version1.6.2

Eggheads ≫ Eggdrop Version1.6.3

Eggheads ≫ Eggdrop Version1.6.4

Eggheads ≫ Eggdrop Version1.6.5

Eggheads ≫ Eggdrop Version1.6.6

Eggheads ≫ Eggdrop Version1.6.7

Eggheads ≫ Eggdrop Version1.6.8

Eggheads ≫ Eggdrop Version1.6.9

Eggheads ≫ Eggdrop Version1.6.10

Eggheads ≫ Eggdrop Version1.6.11

Eggheads ≫ Eggdrop Version1.6.12

Eggheads ≫ Eggdrop Version1.6.13

Eggheads ≫ Eggdrop Version1.6.14

Eggheads ≫ Eggdrop Version1.6.15

Eggheads ≫ Eggdrop Version1.6.16

Eggheads ≫ Eggdrop Version1.6.17

Eggheads ≫ Eggdrop Version1.6.18

Eggheads ≫ Eggdrop Version1.6.18 Updaterc1

Eggheads ≫ Eggdrop Irc Bot Version <= 1.6.19

Philip Moore ≫ Windrop Version <= 1.6.19

Philip Moore ≫ Windrop Version1.4.4 Editionfinal

Philip Moore ≫ Windrop Version1.4.6

Philip Moore ≫ Windrop Version1.5.4 Editionfinal

Philip Moore ≫ Windrop Version1.5.4 Updaterc1

Philip Moore ≫ Windrop Version1.5.4 Updaterc2

Philip Moore ≫ Windrop Version1.5.4a

Philip Moore ≫ Windrop Version1.6.0 Editionfinal

Philip Moore ≫ Windrop Version1.6.0 Updaterc1

Philip Moore ≫ Windrop Version1.6.0 Updaterc1-rel2

Philip Moore ≫ Windrop Version1.6.1

Philip Moore ≫ Windrop Version1.6.3

Philip Moore ≫ Windrop Version1.6.4 Updatesr1

Philip Moore ≫ Windrop Version1.6.6

Philip Moore ≫ Windrop Version1.6.7

Philip Moore ≫ Windrop Version1.6.8

Philip Moore ≫ Windrop Version1.6.9

Philip Moore ≫ Windrop Version1.6.10

Philip Moore ≫ Windrop Version1.6.12

Philip Moore ≫ Windrop Version1.6.13

Philip Moore ≫ Windrop Version1.6.15

Philip Moore ≫ Windrop Version1.6.16

Philip Moore ≫ Windrop Version1.6.17

Philip Moore ≫ Windrop Version1.6.18

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	8.49%	0.943

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://secunia.com/advisories/35690

http://www.debian.org/security/2009/dsa-1826

http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0129.html

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528778

http://cvs.eggheads.org/viewvc/viewvc.cgi/eggdrop1.6/doc/Changes1.6?revision=1.20&view=markup

Patch

Vendor Advisory

http://osvdb.org/54460

http://secunia.com/advisories/35104

Vendor Advisory

http://secunia.com/advisories/35158

http://www.mandriva.com/security/advisories?name=MDVSA-2009:126

http://www.securityfocus.com/archive/1/503574

http://www.securityfocus.com/bid/34985

http://www.vupen.com/english/advisories/2009/1340

Patch

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/50547

https://www.exploit-db.com/exploits/8695

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01333.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01337.html

https://nvd.nist.gov/vuln/detail/CVE-2009-1789

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-1789

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-1789

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2009-1789