Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0594

6 documents6 sources

Severity

5.0MEDIUM

EPSS

10.8%

top 6.64%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Caldera Openlinux Desktop Caldera Openlinux Ebuilder Caldera Openlinux Edesktop +3 more

Timeline

PublishedJul 4

Latest updateApr 30

Description

BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶NVDcaldera/openlinux_desktop2.3

▶NVDcaldera/openlinux_eserver2.3

▶NVDcaldera/openlinux_ebuilder2.3

▶NVDcaldera/openlinux_edesktop2.4

▶NVDmandrakesoft/mandrake_linux2007

Also affects: Freebsd 3.5, 4.0

🔴Vulnerability Details

GHSA

GHSA-gghx-4gcj-rpw8: BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a↗2022-04-30

▶

CVEList

CVE-2000-0594: BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a↗2000-10-13

▶

💥Exploits & PoCs

Exploit-DB

BitchX IRC Client 75p1/75p3/1.0 c16 - '/INVITE' Format String↗2000-07-05

▶

📋Vendor Advisories

Red Hat

security flaw↗2000-07-05

▶

💬Community

Bugzilla

CVE-2000-0594 security flaw↗2018-08-16

▶