CVE-2010-2785

Name: CVE-2010-2785
Description: The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-2078-1
NVD severity: medium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package   Release       Version                        Status
kvirc (PTS)      wheezy        4:4.1.3+20111124.svn5988-2     fixed
                 jessie        4:4.2.0-2                      fixed
                 stretch       4:4.2.0-3                      fixed
                 buster, sid   4:4.9.2~git20171002+dfsg-1     fixed

The information below is based on the following data on fixed versions.

Package   Type     Release      Fixed Version   Urgency   Origin       Debian Bugs
kvirc     source   (unstable)   4:4.0.0-3       medium
kvirc     source   lenny        2:3.4.0-6       medium    DSA-2078-1
