CVE-2009-1789

2009-05-2616:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2009-1789

information security

denial of service

eggheads eggdrop

windrop

remote attack

6.2 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.049 Low

EPSS

Percentile

92.8%

JSON

mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807.

CPENameOperatorVersion
eggheads:eggdropeggheads eggdropeq1.6.13
philip_moore:windropphilip moore windropeq1.6.1
philip_moore:windropphilip moore windropeq1.6.18
eggheads:eggdropeggheads eggdropeq1.6.6
philip_moore:windropphilip moore windropeq1.6.0
eggheads:eggdropeggheads eggdropeq1.6.10
philip_moore:windropphilip moore windropeq1.4.6
philip_moore:windropphilip moore windropeq1.6.10
philip_moore:windropphilip moore windropeq1.6.4
eggheads:eggdrop_irc_boteggheads eggdrop irc botle1.6.19

CPE	Name	Operator	Version
eggheads:eggdrop	eggheads eggdrop	eq	1.6.13
philip_moore:windrop	philip moore windrop	eq	1.6.1
philip_moore:windrop	philip moore windrop	eq	1.6.18
eggheads:eggdrop	eggheads eggdrop	eq	1.6.6
philip_moore:windrop	philip moore windrop	eq	1.6.0
eggheads:eggdrop	eggheads eggdrop	eq	1.6.10
philip_moore:windrop	philip moore windrop	eq	1.4.6
philip_moore:windrop	philip moore windrop	eq	1.6.10
philip_moore:windrop	philip moore windrop	eq	1.6.4
eggheads:eggdrop_irc_bot	eggheads eggdrop irc bot	le	1.6.19