3 matches found
CVE-2006-4127
The CVE-2006-4127 entry covers format string vulnerabilities in DConnect Daemon (versions up to 0.7.0). The issue arises when calling privmsg() or pubmsg from the files cmd.user.c, penalties.c, or cmd.dc.c, allowing remote administrators to execute arbitrary code due to improper handling of forma...
CVE-2006-4126
The CVE-2006-4126 entry concerns DConnect Daemon up to version 0.7.0. The dc_chat function in cmd.dc.c is vulnerable: a remote attacker can send a client message before providing a nickname, triggering a null pointer dereference and causing an application crash (denial of service). The descriptio...
CVE-2006-4125
The CVE-2006-4125 entry describes a stack-based buffer overflow in the DConnect Daemon (main.c) for version 0.7.0 and earlier. The overflow is triggered by processing a large nickname in the UDP listen_thread_udp path, allowing remote attackers to potentially execute arbitrary code. Affected soft...