CVE-2003-0323

Name: CVE-2003-0323
Description: Multiple buffer overflows in ircII 20020912 allow remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via responses that are not properly fed to the my_strcat function by (1) ctcp_buffer, (2) cannot_join_channel, (3) status_make_printable for Statusbar drawing, (4) create_server_list, and possibly other functions.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-291, DSA-298
NVD severity: high (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

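| Source Package | Release | Version | Status |
|---|---|---|---|
| epic4 (PTS) | wheezy | 1:2.10.1-1 | fixed |
| epic4 | jessie | 1:2.10.5-2 | fixed |
| epic4 | buster, sid, stretch | 1:2.10.6-1 | fixed |
| ircii (PTS) | wheezy, jessie | 20060725-1 | fixed |
| ircii | stretch | 20151120-1 | fixed |
| ircii | buster, sid | 20170704-1 | fixed |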

The information below is based on the following data on fixed versions.

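| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| epic4 | source | (unstable) | 1:1.1.11.20030409-1 | high | | |
| epic4 | source | woody | 1.1.2.20020219-2.1 | high | DSA-298 | |
| ircii | source | (unstable) | 20030315-1 | high | | |
| ircii | source | woody | 20020322-1.1 | high | DSA-291 | |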
