CVE-2010-3438

NameCVE-2010-3438
Descriptionlibpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs581194

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libpoe-component-irc-perl (PTS)buster, bullseye6.90+dfsg-1fixed
sid, trixie, bookworm6.93+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libpoe-component-irc-perlsourcelenny5.84+dfsg-1+lenny1581194
libpoe-component-irc-perlsource(unstable)6.32+dfsg-1
Search for package or bug name: Reporting problems