CVE-2007-4400 — CRLF Injection in Konversation

7 documents6 sources

Severity

6.8MEDIUMNVD

EPSS

2.2%

top 15.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Konversation Debian Konversation

Timeline

PublishedAug 18

Latest updateMay 1

Description

CRLF injection vulnerability in the included media script in Konversation allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶debiandebian/konversation< konversation 1.0.1-4 (bookworm)

▶Debiankonversation/konversation< 1.0.1-4+3

🔴Vulnerability Details

GHSA

GHSA-6mmx-fhq4-jh82: CRLF injection vulnerability in the included media script in Konversation allows user-assisted remote attackers to execute arbitrary IRC commands via↗2022-05-01

▶

OSV

CVE-2007-4400: CRLF injection vulnerability in the included media script in Konversation allows user-assisted remote attackers to execute arbitrary IRC commands via↗2007-08-18

▶

📋Vendor Advisories

Debian

CVE-2007-4400: konversation - CRLF injection vulnerability in the included media script in Konversation allows...↗2007

▶

Red Hat

konversation: Command injection in media script via crafted song tag↗

▶

💬Community

Bugzilla

CVE-2007-4400 Command injection in media script via crafted song tag [Fdevel]↗2007-11-01

▶

Bugzilla

CVE-2007-4400 konversation: Command injection in media script via crafted song tag↗2007-08-20

▶