CVE-2002-1488
Published 2003-04-02
Priority P4 · 13 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 2.98% (85.6th percentile)
The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian user is not in.
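Defensive handling of the two PART cases described above, as an added example: it is not Trillian's code or code from any advisory, and the `struct client` state, the `handle_part` function and the sample messages are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
enum part_result { PART_OK, PART_MALFORMED, PART_NOT_JOINED };
struct client { char joined[8][32]; size_t njoined; };  /* hypothetical client state */
/* Case-insensitive match of a stored name against a token of length n. */
static int same_name(const char *name, const char *tok, size_t n)
{
    if (strlen(name) != n) return 0;
    while (n-- > 0)
        if (tolower((unsigned char)name[n]) != tolower((unsigned char)tok[n])) return 0;
    return 1;
}

/* Next space-delimited token at *p, length in *len; NULL when none is left. */
static const char *next_tok(const char **p, size_t *len)
{
    const char *s = *p + strspn(*p, " ");
    *len = strcspn(s, " \r\n");
    *p = s + *len;
    return *len ? s : NULL;
}

/* Handle "[:prefix] PART <channel> [:reason]" received from the server.
 * Simplification: a valid PART is treated as the local user leaving. */
enum part_result handle_part(struct client *c, const char *line)
{
    size_t n;
    const char *tok = next_tok(&line, &n);
    if (tok && tok[0] == ':')               /* optional message prefix */
        tok = next_tok(&line, &n);
    if (!tok || !same_name("PART", tok, n))
        return PART_MALFORMED;
    tok = next_tok(&line, &n);              /* case (1): channel may be absent */
    if (!tok || !strchr("#&+!", tok[0]))
        return PART_MALFORMED;              /* reject before any channel lookup */
    for (size_t i = 0; i < c->njoined; i++) {
        if (!same_name(c->joined[i], tok, n)) continue;
        c->njoined--;                       /* drop entry i: move the last one into it */
        memmove(c->joined[i], c->joined[c->njoined], sizeof c->joined[i]);
        return PART_OK;
    }
    return PART_NOT_JOINED;                 /* case (2): ignore, state unchanged */
}

int main(void)
{
    struct client c = { { "#security" }, 1 };   /* constructed sample state */
    printf("%d\n", (int)handle_part(&c, ":srv.example PART #other\r\n"));
    return 0;
}
```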
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cerulean_studios | trillian | — | — |
CWE-234: Failure to Handle Missing Parameter
mitre_cwe · CVSS 5.0 · [MEDIUM]
If too few arguments are sent to a function, the function will still pop the expected number of arguments from the stack. Potentially, a variable number of arguments could be exhausted in a function as well.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity, Confidentiality, Availability, Access Control. Impact: Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity. There is the potential for arbitrary code execution with privileges of the vulnerable program if the function parameter list is exhausted.
Scope: Availability. Impact: DoS: Crash, Exit, or Restart. Potentially a program could fail if it needs more arguments than are available.
Potential Mitigations:
[Build and Compilation] This iss
CWE-236: Improper Handling of Undefined Parameters
mitre_cwe · CVSS 5.0 · [MEDIUM]
The product does not handle or incorrectly handles when a particular parameter, field, or argument name is not defined or supported by the product.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity. Impact: Unexpected State.
Observed Examples:
CVE-2002-1488: Crash in IRC client via PART message from a channel the user is not in.
CVE-2001-0650: Router crash or bad route modification using BGP updates with invalid transitive attribute.
References:
http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html
http://www.iss.net/security_center/static/10162.php
http://www.securityfocus.com/bid/5776