Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0328 — Epic4 vulnerability

7 documents7 sources

Severity

7.5HIGHNVD

EPSS

5.9%

top 9.39%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Epic Epic4 Debian Epic4

Timeline

PublishedJun 9

Latest updateMay 3

Description

EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later versions, allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via a CTCP request from a large nickname, which causes an incorrect length calculation.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/epic4< epic4 1:1.1.11.20030409-2 (bookworm)

▶Debianepic/epic4< 1:1.1.11.20030409-2+3

▶NVDepic/epic4pre2.002, pre2.003+1

Patches

Patch: ftp.prbh.org ↗Patch: ftp.prbh.org ↗

🔴Vulnerability Details

GHSA

GHSA-hvrc-56qp-9hgv: EPIC IRC Client (EPIC4) pre2↗2022-05-03

▶

OSV

CVE-2003-0328: EPIC IRC Client (EPIC4) pre2↗2003-06-09

▶

💥Exploits & PoCs

Exploit-DB

Epic 1.0.1/1.0.x - CTCP Nickname Server Message Buffer Overrun↗2003-11-10

▶

📋Vendor Advisories

Red Hat

security flaw↗2003-09-05

▶

Debian

CVE-2003-0328: epic4 - EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later versions, allows ...↗2003

▶

💬Community

Bugzilla

CVE-2003-0328 security flaw↗2018-08-16

▶