
9 matches found

Github Security Blog
added 2022/09/15 3:26 a.m. · 29 views

matrix-appservice-irc vulnerable to IRC mode parameter confusion

Impact: IRC allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such modes incorrectly, potentially resulting in the wrong user being given permissions. Mode command...

CVSS 6.3 · AI score 6.4 · EPSS 0.00268
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2022/09/15 3:26 a.m. · 12 views

GHSA-XVQG-MV25-RWVW Parsing issue in matrix-org/node-irc leading to room takeovers

Impact: Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the channel. Patched: The vulnerability has been patched in matrix-appservice-irc 0.35.0...

CVSS 8.8 · AI score 8.6 · EPSS 0.0031
Exploits: 0 · References: 4

Cvelist
added 2022/09/13 6:15 p.m. · 13 views

CVE-2022-39203 Parsing issue in matrix-org/node-irc leading to room takeovers

matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the channel. The...

CVSS 8.8 · AI score 8.8 · EPSS 0.0031
Exploits: 0 · References: 2

Positive Technologies
added 2022/09/13 12:0 a.m. · 1 view

PT-2022-24803 · Node-Irc +1 · Node-Irc +1

Name of the Vulnerable Software and Affected Versions: matrix-appservice-irc versions prior to 0.35.0 Description: The issue arises from a bug in the underlying matrix-org/node-irc library, causing matrix-appservice-irc to incorrectly parse multiple modes in a single mode command. This can...

CVSS 6.3 · AI score 6.2 · EPSS 0.00268
Exploits: 0 · References: 8

CNNVD
added 2022/09/13 12:0 a.m. · 2 views

Matrix matrix-appservice-irc resource management error vulnerability

matrix-appservice-irc is a bridge for Matrix. This bridge passes all IRC messages to Matrix and all Matrix messages to IRC. A resource management error vulnerability exists in Matrix matrix-appservice-irc prior to version 0.35.0, which stems from an error in the underlying matrix-org/node-irc...

CVSS 6.3 · AI score 6.4 · EPSS 0.00268
Exploits: 0 · References: 4

OSV
added 2022/05/23 8:17 p.m. · 13 views

GHSA-37HR-348P-RMF4 Improper handling of multiline messages in node-irc affects matrix-appservice-irc

matrix-appservice-irc provides an IRC bridge for Matrix. The vulnerability in node-irc allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. The vulnerability has been patched in matrix-appservice-irc 0.33.2. In terms of ...

CVSS 8 · AI score 8.2 · EPSS 0.00509
Exploits: 0 · References: 5

Github Security Blog
added 2022/05/23 8:17 p.m. · 47 views

Improper handling of multiline messages in node-irc affects matrix-appservice-irc

matrix-appservice-irc provides an IRC bridge for Matrix. The vulnerability in node-irc allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. The vulnerability has been patched in matrix-appservice-irc 0.33.2. In terms of ...

CVSS 8.8 · AI score 8.3 · EPSS 0.00509
Exploits: 0 · References: 5 · Affected Software: 1

Github Security Blog
added 2022/05/05 4:0 p.m. · 21 views

Improper handling of multiline messages in node-irc

node-irc is a socket wrapper for the IRC protocol that extends Node.js' EventEmitter. The vulnerability allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. Incorrect handling of a CR character allowed for making part of...

CVSS 8.8 · AI score 3.3 · EPSS 0.00509
Exploits: 0 · References: 6 · Affected Software: 1

OSV
added 2022/05/05 4:0 p.m. · 9 views

GHSA-52RH-5RPJ-C3W6 Improper handling of multiline messages in node-irc

node-irc is a socket wrapper for the IRC protocol that extends Node.js' EventEmitter. The vulnerability allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. Incorrect handling of a CR character allowed for making part of...

CVSS 8 · AI score 7.2 · EPSS 0.00509
Exploits: 0 · References: 6