CVE-2003-0323

NameCVE-2003-0323
DescriptionMultiple buffer overflows in ircII 20020912 allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via responses that are not properly fed to the my_strcat function by (1) ctcp_buffer, (2) cannot_join_channel, (3) status_make_printable for Statusbar drawing, (4) create_server_list, and possibly other functions.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-291, DSA-298

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
epic4 (PTS)buster, stretch1:2.10.6-1fixed
bullseye1:2.10.6-1.1fixed
bookworm, sid1:2.10.10-1fixed
ircii (PTS)stretch20151120-1fixed
stretch (security)20151120-1+deb9u1fixed
buster20190117-1+deb10u1fixed
bullseye20210314+really20190117-1fixed
bookworm, sid20210328-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
epic4sourcewoody1.1.2.20020219-2.1DSA-298
epic4source(unstable)1:1.1.11.20030409-1
irciisourcewoody20020322-1.1DSA-291
irciisource(unstable)20030315-1

Search for package or bug name: Reporting problems