CVE-2005-0130 — Konversation vulnerability

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

1.6%

top 18.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Konversation Debian Konversation Berlios Konversation

Timeline

PublishedApr 14

Latest updateMay 1

Description

Certain Perl scripts in Konversation 0.15 allow remote attackers to execute arbitrary commands via shell metacharacters in (1) channel names or (2) song names that are not properly quoted when the user runs IRC scripts.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/konversation< konversation 0.15-3 (bookworm)

▶Debiankonversation/konversation< 0.15-3+3

▶NVDberlios/konversation0.15

🔴Vulnerability Details

GHSA

GHSA-p377-w2fq-v7c4: Certain Perl scripts in Konversation 0↗2022-05-01

▶

OSV

CVE-2005-0130: Certain Perl scripts in Konversation 0↗2005-04-14

▶

📋Vendor Advisories

Debian

CVE-2005-0130: konversation - Certain Perl scripts in Konversation 0.15 allow remote attackers to execute arbi...↗2005

▶