← Volver a CVEs

CVE-2010-3438

CRITICAL

9.8

Descripcion

libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server.

Detalles CVE

Puntuacion CVSS v3.19.8

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado11/12/2019

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

debian:debian_linuxfedoraproject:fedoralibpoe-component-irc-perl_project:libpoe-component-irc-perl

Debilidades (CWE)

CWE-134

Referencias

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581194(secalert@redhat.com)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3438(secalert@redhat.com)

https://security-tracker.debian.org/tracker/CVE-2010-3438(secalert@redhat.com)

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581194(af854a3a-2127-422b-91ae-364da2661108)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3438(af854a3a-2127-422b-91ae-364da2661108)

https://security-tracker.debian.org/tracker/CVE-2010-3438(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.